CVE-2018-14432 Red Hat Update for openstack-keystone (RHSA-2018:2523)




The OpenStack Identity service (keystone) authenticates and authorizes OpenStack users by keeping track of users and their permitted activities. The Identity service supports multiple forms of authentication, including user name and password credentials, token-based systems, and AWS-style logins.

Security Fixes: openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects (CVE-2018-14432)

Affected Products:

Red Hat OpenStack 12 x86_64
Red Hat OpenStack for IBM Power 12 ppc64le


On successful exploitation, it could allow an attacker to execute code.


Upgrade to the latest packages, which contain a patch. Refer to "Applying Package Updates to RHEL system" for details.

Refer to Red Hat security advisory RHSA-2018:2523 to address this issue and obtain more information.

The following links provide the patches that fix the vulnerabilities:

RHSA-2018:2523: Red Hat Enterprise Linux
