
CVE-2019-19687

Published: 09/12/2019 Updated: 20/12/2019
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 312
CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

OpenStack Keystone 15.0.0 and 16.0.0 are affected by data leakage in the list credentials API. Any user with a role on a project is able to list all credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are therefore able to view other users' credentials, which could (for example) leak sign-on information for Time-based One Time Passwords (TOTP). Only deployments with enforce_scope set to false are affected. (There will be a slight performance impact for the list credentials API once this issue is fixed.)

Vulnerable Products

openstack keystone 15.0.0

openstack keystone 16.0.0

Vendor Advisories

Synopsis: Important: openstack-keystone security update. Type/Severity: Security Advisory: Important. Topic: An update for openstack-keystone is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sc ...
Debian Bug report logs - #946614 keystone: CVE-2019-19687. Package: src:keystone; Maintainer for src:keystone is Debian OpenStack <team+openstack@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 11 Dec 2019 22:15:02 UTC; Severity: grave; Tags: security, upstream; Found in version key ...
OpenStack Keystone could be made to expose sensitive information over the network ...