CVE-2018-14432

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-14432
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14432.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-14432
Downstream
Related
Published
2018-07-31T14:29:00.713Z
Modified
2026-04-10T04:05:51.858459Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

References

Affected packages

Git / github.com/openstack/keystone

Affected ranges

Type
GIT
Repo
https://github.com/openstack/keystone
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3e5fca06c6b7dd6060721faa39428b133edd10f0
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ade177ad357d28746ab4203e56a74e6e1e89c074
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e2d33c2819b1f52e7ee651d06d0ed50fd54fad15
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
847676854572e0c36535048b731f966590adb746
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "11.0.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "12.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "13.0.0"
        }
    ]
}

Affected versions

10.*
10.0.0.0b1
10.0.0.0b2
10.0.0.0b3
10.0.0.0rc1
11.*
11.0.0
11.0.0.0b1
11.0.0.0b2
11.0.0.0b3
11.0.0.0rc1
11.0.1
11.0.2
11.0.3
12.*
12.0.0
12.0.0.0b1
12.0.0.0b2
12.0.0.0b3
12.0.0.0rc1
12.0.0.0rc2
13.*
13.0.0
13.0.0.0b1
13.0.0.0b2
13.0.0.0b3
13.0.0.0rc1
13.0.0.0rc2
2011.*
2011.3
2013.*
2013.2.b1
2013.2.b3
2013.2.rc1
2014.*
2014.1.b1
2014.1.b2
2014.1.b3
2014.1.rc1
2014.2.b1
2014.2.b2
2014.2.b3
2014.2.rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
8.*
8.0.0.0b1
8.0.0.0b2
8.0.0.0b3
8.0.0.0rc1
8.0.0a0
9.*
9.0.0
9.0.0.0b1
9.0.0.0b2
9.0.0.0b3
9.0.0.0rc1
9.0.0.0rc2
9.0.0.0rc3
Other
essex-4
essex-rc1
folsom-1
folsom-2
folsom-rc1
grizzly-1
grizzly-2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14432.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13"
            }
        ]
    }
]