—
PYSEC-2026-653
OpenStack Identity Keystone Exposure of Sensitive Information
상세
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2014-3621 [ADVISORY]
- https://github.com/openstack/keystone/commit/2989ff257e4fde6a168e25b926805e700406aa80 [WEB]
- https://github.com/openstack/keystone/commit/52714633c9a4dae5e60279217090859aa6dbcb4f [WEB]
- https://access.redhat.com/errata/RHSA-2014:1688 [WEB]
- https://access.redhat.com/errata/RHSA-2014:1789 [WEB]
- https://access.redhat.com/errata/RHSA-2014:1790 [WEB]
- https://access.redhat.com/security/cve/CVE-2014-3621 [WEB]
- https://bugs.launchpad.net/keystone/+bug/1354208 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=1139937 [WEB]
- http://rhn.redhat.com/errata/RHSA-2014-1688.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2014-1789.html [WEB]
- http://rhn.redhat.com/errata/RHSA-2014-1790.html [WEB]
- http://www.openwall.com/lists/oss-security/2014/09/16/10 [WEB]
- http://www.ubuntu.com/usn/USN-2406-1 [WEB]
- https://pypi.org/project/keystone [PACKAGE]
- https://github.com/advisories/GHSA-8v8f-vc72-pmhc [ADVISORY]