CVE-2018-14432

by Fred · 31/07/2018

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

Date published : 2018-07-31

http://www.securityfocus.com/bid/104930

https://www.debian.org/security/2018/dsa-4275

CVE-2018-14432

Related

Recent Posts

Categories

Latest CWE

CVE-2018-14432

Share this:

Related

Recent Posts

Categories

Tags

Latest CWE