Date: Wed, 25 Jul 2018 13:00:39 -0500
From: Matthew Thode
Subject: [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project
 information (CVE-2018-14432)

OSSA-2018-002: GET /v3/OS-FEDERATION/projects leaks project information

:Date: July 25, 2018
:CVE: CVE-2018-14432

- Keystone: <11.0.4, ==12.0.0, ==13.0.0

Kristi Nikolla with Boston University reported a vulnerability in
Keystone federation. By doing GET /v3/OS-FEDERATION/projects an
authenticated user may discover projects they have no authority to
access, leaking all projects in the deployment and their attributes.
Only Keystone with the /v3/OS-FEDERATION endpoint enabled via
policy.json is affected.

- (Ocata)
- (Pike)
- (Queens)
- (Rocky)

- Kristi Nikolla from Boston University (CVE-2018-14432)
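
A triage aid for the advisory above, as an added example that is not part of the original advisory or of Keystone: it checks a version against the affected set listed above and counts successful GETs of the endpoint per client address. The combined-log-format access log, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

def parse_version(v):
    """'11.0.3' -> (11, 0, 3). Suffixed versions (rc, dev) are rejected, not guessed."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"unsupported version string: {v!r}")
    parts = tuple(int(p) for p in v.split("."))
    return parts + (0,) * (3 - len(parts))

def is_affected(v):
    """Affected set as listed in the advisory: <11.0.4, ==12.0.0, ==13.0.0."""
    ver = parse_version(v)
    return ver < (11, 0, 4) or ver in {(12, 0, 0), (13, 0, 0)}

# Assumption: combined-log-format access log from the web server fronting Keystone.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
ENDPOINT = "/v3/OS-FEDERATION/projects"

def federation_project_listings(lines):
    """Count successful GETs of the advisory's endpoint per client address."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        # Ignore the query string and a trailing slash; allow a mount prefix
        # such as /identity in front of /v3.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path.endswith(ENDPOINT):
            hits[m["client"]] += 1
    return hits

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jul/2018:12:01:07 +0000] "GET /v3/OS-FEDERATION/projects HTTP/1.1" 200 5120 "-" "python-keystoneclient"',
    '192.0.2.10 - - [25/Jul/2018:12:01:09 +0000] "GET /identity/v3/OS-FEDERATION/projects/?limit=50 HTTP/1.1" 200 5120 "-" "curl/7.58.0"',
    '198.51.100.7 - - [25/Jul/2018:12:02:00 +0000] "GET /v3/OS-FEDERATION/projects HTTP/1.1" 401 114 "-" "curl/7.58.0"',
    '198.51.100.7 - - [25/Jul/2018:12:02:03 +0000] "GET /v3/projects HTTP/1.1" 200 900 "-" "curl/7.58.0"',
]

if __name__ == "__main__":
    for v in ("11.0.3", "11.0.4", "12.0.0", "13.0.0", "13.0.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(dict(federation_project_listings(SAMPLE_LOG)))
```

A hit only shows that the endpoint returned a listing to that client; federated users call it in normal operation, so the counts are a starting point for review on a deployment running an affected version.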

