Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14432

Опубликовано: 31 июл. 2018
Источник: nvd
CVSS3: 5.3
CVSS2: 3.5
EPSS Низкий

Описание

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:12:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
Версия до 11.0.4 (исключая)
cpe:2.3:a:openstack:keystone:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:13.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 79%
0.012
Низкий

5.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2018-14432

CVSS3: 5.3
ubuntu
больше 7 лет назад

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

redhat логотип

CVE-2018-14432

CVSS3: 5.3
redhat
больше 7 лет назад

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

debian логотип

CVE-2018-14432

CVSS3: 5.3
debian
больше 7 лет назад

In the Federation component of OpenStack Keystone before 11.0.4, 12.0. ...

github логотип

GHSA-v25x-mmfh-g7w6

CVSS3: 5.3
github
больше 3 лет назад

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

EPSS

Процентиль: 79%
0.012
Низкий

5.3 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-200