Lucene search
Veracode Vulnerability DatabaseVERACODE:13048HistoryJan 15, 2019 - 9:25 a.m.
Information Disclosure
2019-01-1509:25:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.001
Percentile
43.9%
openstack-keystone is vulnerable to information disclosure. An authorization bypass on the listing projects via an authenticated GET /v3/OS-FEDERATION/projects request allows authenticated users to discover projects they have no authority to access, disclosing the project and attributes information.
References
Related
redhat
redhat
(RHSA-2018:2543) Important: openstack-keystone security update
2018-08-22 16:12:38
(RHSA-2018:2523) Important: openstack-keystone security and bug fix update
2018-08-20 12:40:00
(RHSA-2018:2533) Important: openstack-keystone security update
2018-08-21 16:37:51
nessus
nessus
RHEL 7 : openstack-keystone (RHSA-2018:2533)
2024-04-27 00:00:00
RHEL 7 : openstack-keystone (RHSA-2018:2523)
2024-04-27 00:00:00
Debian DSA-4275-1 : keystone - security update
2018-08-17 00:00:00
debian
debian
[SECURITY] [DSA 4275-1] keystone security update
2018-08-16 20:49:26
openvas
openvas
Debian: Security Advisory (DSA-4275-1)
2018-08-15 00:00:00
redhatcve
redhatcve
CVE-2018-14432
2018-07-25 22:49:16
cvelist
cvelist
CVE-2018-14432
2018-07-31 14:00:00
ibm
ibm
cve
cve
CVE-2018-14432
2018-07-31 14:29:00
osv
osv
CVE-2018-14432
2018-07-31 14:29:00
keystone - security update
2018-08-16 00:00:00
ubuntucve
ubuntucve
CVE-2018-14432
2018-07-31 00:00:00
prion
prion
Cross site request forgery (csrf)
2018-07-31 14:29:00
nvd
nvd
CVE-2018-14432
2018-07-31 14:29:00
debiancve
debiancve
CVE-2018-14432
2018-07-31 14:29:00