Lucene search
MitreCVELIST:CVE-2019-19687HistoryDec 09, 2019 - 5:14 p.m.
CVE-2019-19687
2019-12-0917:14:14
mitre
www.cve.org
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users’ credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)
Related
redhat
redhat
(RHSA-2019:4358) Important: openstack-keystone security update
2019-12-19 19:16:28
ubuntu
ubuntu
OpenStack Keystone vulnerability
2020-01-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4262-1)
2020-01-31 00:00:00
cve
cve
CVE-2019-19687
2019-12-09 18:15:09
osv
osv
PYSEC-2019-29
2019-12-09 18:15:00
CVE-2019-19687
2019-12-09 18:15:09
OpenStack Keystone Credential Leakage
2022-05-24 17:02:55
nvd
nvd
CVE-2019-19687
2019-12-09 18:15:09
veracode
veracode
Information Disclosure
2019-12-10 03:00:48
nessus
nessus
RHEL 8 : openstack-keystone (RHSA-2019:4358)
2024-04-28 00:00:00
Ubuntu 19.10 : OpenStack Keystone vulnerability (USN-4262-1)
2020-01-31 00:00:00
redhatcve
redhatcve
CVE-2019-19687
2019-12-12 01:20:56
ubuntucve
ubuntucve
CVE-2019-19687
2019-12-09 00:00:00
prion
prion
Design/Logic Flaw
2019-12-09 18:15:00
github
github
OpenStack Keystone Credential Leakage
2022-05-24 17:02:55
symantec
symantec
OpenStack Keystone CVE-2019-19687 Information Disclosure Vulnerability
2019-12-09 00:00:00
debiancve
debiancve
CVE-2019-19687
2019-12-09 18:15:09