CVE-2018-14432

CVE-2018-14432

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

Source: CVE-2018-14432

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다