Ubuntu Security Notice 4262-1 - Daniel Preussker discovered that OpenStack Keystone incorrectly handled the list credentials API. A user with a role on the project could use this issue to view any other user's credentials.
d08410626ee722a2245fd4e1c50b7b76472e8ac15b9df8d7edb8839823169ff0Red Hat Security Advisory 2019-4358-01 - The OpenStack Identity service authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins. An issue was addressed where the credentials API allowed non-admin users to list and retrieve all users credentials.
8d64a15f8acd37509d405de1e4329f96f3110df713ea6216a2650682dc3e0346
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed