Описание
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Одно из
Одновременно
Одно из
EPSS
4 Medium
CVSS2
Дефекты
Связанные уязвимости
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
The catalog url replacement in OpenStack Identity (Keystone) before 20 ...
OpenStack Identity Keystone Exposure of Sensitive Information
EPSS
4 Medium
CVSS2