CVE-2014-3621
published 2014-10-02
medium 4 CVSS 3.1
AV:N/AC:L/Au:S/C:P/I:N/A:N
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | keystone | < keystone 2014.1.3-1 (bookworm) | keystone 2014.1.3-1 (bookworm) |
| openstack | keystone | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | keystone | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | keystone | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | keystone | >= 0 < 2014.1.3-1 | 2014.1.3-1 |
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
| openstack | keystone | >= 2013.2 < 2013.2.3 | 2013.2.3 |
| openstack | keystone | >= 2014.1 < 2014.1.2.1 | 2014.1.2.1 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvd 4.0 MEDIUM AV:N/AC:L/Au:S/C:P/I:N/A:N
osv 4.0 MEDIUM