CVE-2019-19687

A disclosure vulnerability was found in openstack-keystone's credentials API. Users with a project role are able to list any credentials with the /v3/credentials API when enforcescope is false. Information for time-based one time passwords TOTP may also be disclosed. Deployments running keystone...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

Design/Logic Flaw

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-1977

OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admintoken secret by reading the file...

CVE-2013-1977

OpenStack CVE-2013-1977 affects Keystone.conf handling in devstack/OpenStack deployments. The root cause is world-readable permissions on keystone.conf, enabling local users to read sensitive data such as LDAP passwords and the admin_token. Multiple connected sources corroborate this issue across...