CVE-2019-19687

Опубликовано: 09 дек. 2019

Источник: ubuntu

Приоритет: medium

CVSS2: 3.5

CVSS3: 8.8

Описание

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

Релиз	Статус	Примечание
bionic	not-affected	2:13.0.2-0ubuntu1
devel	released	2:17.0.0~b1~git2019121613.db81fee63-0ubuntu1
disco	ignored	end of life
eoan	released	2:16.0.0-0ubuntu1.1
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected	2:13.0.2-0ubuntu1
esm-infra/xenial	not-affected	2:9.3.0-0ubuntu3.2
precise/esm	DNE
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Ссылки на источники

3.5 Low

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2019-19687

CVSS3: 8.1

redhat

около 6 лет назад

CVE-2019-19687

CVSS3: 8.8

nvd

около 6 лет назад

CVE-2019-19687

CVSS3: 8.8

debian

около 6 лет назад

OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in th ...

GHSA-2j23-fwqm-mgwr

CVSS3: 8.8

github

больше 3 лет назад

OpenStack Keystone Credential Leakage

3.5 Low

CVSS2

8.8 High

CVSS3

CVE-2019-19687

Описание

Пакет keystone

Ссылки на источники

Связанные уязвимости