Vulnerability Name: CVE-2018-14432 (CCN-147412)

Assigned: 2018-07-25
Published: 2018-07-25
Updated: 2021-08-04
Summary: In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.
CVSS v3 Severity: 5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
  4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): High
    Integrity (I): None
    Availability (A): None

  4.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
  3.8 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): Low
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None

CVSS v2 Severity: 3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None

  4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None

Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:

Source: MITRE
Type: CNA
CVE-2018-14432

Source: CCN
Type: OSSA-2018-002
GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)

Source: CCN
Type: IBM Security Bulletin 794471 (Cloud PowerVC Manager)
PowerVC is affected by an Openstack Keystone vulnerability that could allow a remote authenticated attacker to discover restricted projects (CVE-2018-14432)

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20180725 [OSSA-2018-002] GET /v3/OS-FEDERATION/projects leaks project information (CVE-2018-14432)

Source: BID
Type: Third Party Advisory, VDB Entry
104930

Source: CCN
Type: BID-104930
OpenStack Keystone CVE-2018-14432 Information Disclosure Vulnerability

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2523

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2533

Source: REDHAT
Type: Vendor Advisory
RHSA-2018:2543

Source: XF
Type: UNKNOWN
openstack-keystone-cve201814432-info-disc(147412)

Source: CCN
Type: Keystone GIT Repository
Reduce duplication in federated auth APIs

Source: DEBIAN
Type: Third Party Advisory
DSA-4275

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-14432

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:redhat:openstack:12:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openstack:10:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openstack:13:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:openstack:keystone:*:*:*:*:*:*:*:* (Version < 11.0.4)
  • OR cpe:/a:openstack:keystone:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:13.0.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openstack:keystone:11.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:12.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:13.0.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:201814432 | V | CVE-2018-14432 | 2022-05-22
oval:org.opensuse.security:def:58931 | P | Security update for java-1_7_1-ibm (Moderate) (in QA) | 2022-01-04
oval:org.opensuse.security:def:57148 | P | Security update for the Linux Kernel (Live Patch 40 for SLE 12 SP3) (Important) | 2021-12-14
oval:org.opensuse.security:def:60435 | P | Security update for glib-networking (Important) | 2021-12-13
oval:org.opensuse.security:def:58016 | P | Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important) | 2021-09-23
oval:org.opensuse.security:def:59542 | P | Security update for ghostscript (Critical) | 2021-09-21
oval:org.opensuse.security:def:60353 | P | Security update for xerces-c (Important) | 2021-09-03
oval:org.opensuse.security:def:57992 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important) | 2021-08-25
oval:org.opensuse.security:def:59785 | P | Security update for openssl-1_0_0 (Important) | 2021-08-24
oval:org.opensuse.security:def:57942 | P | Security update for java-1_8_0-openjdk (Moderate) | 2021-06-15
oval:org.opensuse.security:def:60257 | P | Security update for graphviz (Critical) | 2021-05-19
oval:org.opensuse.security:def:57911 | P | Security update for bind (Important) | 2021-05-04
oval:org.opensuse.security:def:58930 | P | Security update for MozillaFirefox (Important) | 2021-03-31
oval:org.opensuse.security:def:60473 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:59602 | P | Security update for the Linux Kernel (Important) | 2021-03-09
oval:org.opensuse.security:def:59842 | P | Security update for python (Important) | 2021-02-11
oval:org.opensuse.security:def:60392 | P | Security update for the Linux Kernel (Important) | 2021-02-09
oval:org.opensuse.security:def:57042 | P | Security update for openssh (Moderate) | 2021-01-05
oval:org.opensuse.security:def:56869 | P | Security update for lftp (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60770 | P | Security update for libqt5-qtbase (Important) | 2020-12-01
oval:org.opensuse.security:def:59169 | P | Security update for qemu (Important) | 2020-12-01
oval:org.opensuse.security:def:57799 | P | libgraphite2-3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60092 | P | Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:56631 | P | Security update for pam_pkcs11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60820 | P | Security update for log4j (Important) | 2020-12-01
oval:org.opensuse.security:def:59168 | P | Security update for python (Important) | 2020-12-01
oval:org.opensuse.security:def:57707 | P | ecryptfs-utils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59903 | P | Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:59361 | P | Security update for java-1_7_1-ibm (Moderate) | 2020-12-01
oval:org.opensuse.security:def:56491 | P | Security update for perl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60729 | P | Security update for squid (Important) | 2020-12-01
oval:org.opensuse.security:def:57599 | P | Security update for libgcrypt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59109 | P | Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:56469 | P | Security update for xerces-j2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60691 | P | Security update for python-PyYAML (Important) | 2020-12-01
oval:org.opensuse.security:def:57314 | P | Security update for curl (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60590 | P | Security update for OpenStack (Moderate) | 2020-12-01
oval:org.opensuse.security:def:58953 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:56468 | P | Security update for samba (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60607 | P | Security update for glibc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60141 | P | Security update for xorg-x11-server (Important) | 2020-12-01
oval:org.opensuse.security:def:59349 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:60512 | P | policycoreutils on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60510 | P | perl-YAML-LibYAML on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60849 | P | Security update for OpenStack (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59191 | P | Security update for sssd (Moderate) | 2020-12-01
oval:org.opensuse.security:def:60562 | P | vino on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:57873 | P | libxml2-2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:59657 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:83856 | P | Security update for OpenStack (Moderate) | 2018-09-20
oval:org.opensuse.security:def:84302 | P | Security update for OpenStack (Moderate) | 2018-09-20
oval:org.opensuse.security:def:80651 | P | Security update for OpenStack (Moderate) | 2018-08-31
oval:com.ubuntu.xenial:def:2018144320000000 | V | CVE-2018-14432 on Ubuntu 16.04 LTS (xenial) - low. | 2018-07-31
oval:com.ubuntu.bionic:def:201814432000 | V | CVE-2018-14432 on Ubuntu 18.04 LTS (bionic) - low. | 2018-07-31
oval:com.ubuntu.disco:def:2018144320000000 | V | CVE-2018-14432 on Ubuntu 19.04 (disco) - low. | 2018-07-31
oval:com.ubuntu.cosmic:def:201814432000 | V | CVE-2018-14432 on Ubuntu 18.10 (cosmic) - low. | 2018-07-31
oval:com.ubuntu.cosmic:def:2018144320000000 | V | CVE-2018-14432 on Ubuntu 18.10 (cosmic) - low. | 2018-07-31
oval:com.ubuntu.trusty:def:201814432000 | V | CVE-2018-14432 on Ubuntu 14.04 LTS (trusty) - low. | 2018-07-31
oval:com.ubuntu.bionic:def:2018144320000000 | V | CVE-2018-14432 on Ubuntu 18.04 LTS (bionic) - low. | 2018-07-31
oval:com.ubuntu.xenial:def:201814432000 | V | CVE-2018-14432 on Ubuntu 16.04 LTS (xenial) - low. | 2018-07-31