漏洞类别:RedHat
漏洞等级: 
漏洞信息
The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.
Security Fixes: openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects (CVE-2018-14432)
Affected Products:
Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le
漏洞危害
On successful exploitation it could allow an attacker to execute code.
解决方案
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.
Refer to Red Hat security advisory RHSA-2018:2523 to address this issue and obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论