OpenStack Keystone could be made to expose sensitive information over the
network.
Software Description:
- keystone: OpenStack identity service
Details:
Daniel Preussker discovered that OpenStack Keystone incorrectly handled the
list credentials API. A user with a role on the project could use this
issue to view any other user's credentials.
The problem can be corrected by updating your system to the following package versions:
Ubuntu 19.10:
  keystone 2:16.0.0-0ubuntu1.1
  python3-keystone 2:16.0.0-0ubuntu1.1
In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-4262-1
CVE-2019-19687