CVE-2018-14432 Red Hat Update for openstack-keystone (RHSA-2018:2523)

Vulnerability category: RedHat

Severity level: 

Vulnerability information

The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

Security Fixes: openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects (CVE-2018-14432)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le

Impact

On successful exploitation it could allow an attacker to execute code.

Solution

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:2523 to address this issue and obtain more information.

Patch:
The following links provide patches that fix the vulnerabilities:

RHSA-2018:2523: Red Hat Enterprise Linux
