Lucene search
Veracode Vulnerability DatabaseVERACODE:22143HistoryDec 10, 2019 - 3:00 a.m.
Information Disclosure
2019-12-1003:00:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.018 Low
EPSS
Percentile
88.2%
openstack keystone is vulnerable to information disclosure. Any authenticated user is able to list the credentials of any user using the /v3/credentials API when enforce_scope is set to false. The leaked credentials include sign-on information for Time-based OTP.
References
www.openwall.com/lists/oss-security/2019/12/11/8
access.redhat.com/errata/RHSA-2019:4358
bugs.launchpad.net/keystone/+bug/1855080
bugs.launchpad.net/keystone/+bug/968696
review.opendev.org/#/c/697355/
review.opendev.org/#/c/697611/
review.opendev.org/#/c/697731/
security.openstack.org/ossa/OSSA-2019-006.html
Related
redhat
redhat
(RHSA-2019:4358) Important: openstack-keystone security update
2019-12-19 19:16:28
ubuntu
ubuntu
OpenStack Keystone vulnerability
2020-01-30 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4262-1)
2020-01-31 00:00:00
osv
osv
CVE-2019-19687
2019-12-09 18:15:09
PYSEC-2019-29
2019-12-09 18:15:00
OpenStack Keystone Credential Leakage
2022-05-24 17:02:55
nessus
nessus
RHEL 8 : openstack-keystone (RHSA-2019:4358)
2024-04-28 00:00:00
Ubuntu 19.10 : OpenStack Keystone vulnerability (USN-4262-1)
2020-01-31 00:00:00
cve
cve
CVE-2019-19687
2019-12-09 18:15:09
nvd
nvd
CVE-2019-19687
2019-12-09 18:15:09
symantec
symantec
OpenStack Keystone CVE-2019-19687 Information Disclosure Vulnerability
2019-12-09 00:00:00
debiancve
debiancve
CVE-2019-19687
2019-12-09 18:15:09
cvelist
cvelist
CVE-2019-19687
2019-12-09 17:14:14
redhatcve
redhatcve
CVE-2019-19687
2019-12-12 01:20:56
ubuntucve
ubuntucve
CVE-2019-19687
2019-12-09 00:00:00
prion
prion
Design/Logic Flaw
2019-12-09 18:15:00
github
github
OpenStack Keystone Credential Leakage
2022-05-24 17:02:55