Oval Definition:oval:com.ubuntu.bionic:def:2018144320000000
Revision Date:2018-07-31Version:1
Title:CVE-2018-14432 on Ubuntu 18.04 LTS (bionic) - low.
Description:In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-14432
Platform(s):Ubuntu 18.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 18.04 LTS (bionic) is installed.
  • AND keystone package in bionic, is related to the CVE in some way and has been fixed (note: '2:13.0.0-0ubuntu1').
  • BACK