CVE-2018-14432

MEDIUM Year: 2018
CVSS v3 Score
5.3
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-200
View all →

Vulnerability Description

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

Related Vulnerabilities

CVE-2007-3650

MEDIUM
CVSS:5.3(Medium)

myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (...

CWE-2002007

CVE-2007-3651

MEDIUM
CVSS:5.3(Medium)

class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation...

CWE-2002007

CVE-2010-3673

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.

CWE-2002010

CVE-2011-0736

MEDIUM
CVSS:5.3(Medium)

Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=...

CWE-2002011

CVE-2011-0737

MEDIUM
CVSS:5.3(Medium)

Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. NOTE: the ven...

CWE-2002011

CVE-2011-4538

MEDIUM
CVSS:5.3(Medium)

Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings.

CWE-2002011