CVE-2018-14432 vulnerability in OpenStack and Other Products
Published on July 31, 2018

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2018-14432

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-14432 are published in these products:

OpenStack Keystone

Red Hat Openstack

Debian Linux

Exploit Probability

EPSS

1.14%

Percentile

78.18%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-14432 vulnerability in OpenStack and Other ProductsPublished on July 31, 2018

Products Associated with CVE-2018-14432

Exploit Probability

CVE-2018-14432 vulnerability in OpenStack and Other Products
Published on July 31, 2018