Unrated severityNVD Advisory· Published Jul 31, 2018· Updated Aug 5, 2024

CVE-2018-14432

Description

In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing projects. An authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is affected.

Affected products

179

osv-coords179 versions
pkg:rpm/suse/openstack-aodh&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-aodh&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-aodh-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-aodh-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-aodh-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-barbican-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-cinder-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-dashboard&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-designate&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-designate-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-designate-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-designate-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-glance&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-glance&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-glance-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-glance-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-heat-templates&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-heat-templates&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-designate-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-designate-ui&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-horizon-plugin-designate-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-designate-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-freezer-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-freezer-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-freezer-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-gbp-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-manila-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-manila-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-manila-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-neutron-lbaas-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-neutron-lbaas-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-neutron-lbaas-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-horizon-plugin-trove-ui&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-horizon-plugin-trove-ui&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-horizon-plugin-trove-ui&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-ironic-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-keystone&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-keystone-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-keystone-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-manila&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-manila-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-fwaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-fwaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-lbaas&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-lbaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-lbaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-vpnaas&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-neutron-zvm-agent&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-neutron-zvm-agent&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-neutron-zvm-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-nova-virt-zvm&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-nova-virt-zvm&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-nova-virt-zvm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-octavia&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-trove&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-trove&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-trove&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/openstack-trove-doc&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/openstack-trove-doc&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/openstack-trove-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-barbicanclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-barbicanclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-barbicanclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-keystone-json-assignment&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-keystone-json-assignment&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-keystone-json-assignment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-manilaclient&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-manilaclient&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-manilaclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-os-vif&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/python-vmware-nsx&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-vmware-nsx&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-vmware-nsx&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/python-vmware-nsxlib&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/python-vmware-nsxlib&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/python-vmware-nsxlib&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
< 5.1.1~dev5-3.5.3+ 178 more
- (no CPE)range: < 5.1.1~dev5-3.5.3
- (no CPE)range: < 5.1.1~dev5-3.5.3
- (no CPE)range: < 5.1.1~dev5-3.5.3
- (no CPE)range: < 5.1.1~dev5-3.5.4
- (no CPE)range: < 5.1.1~dev5-3.5.4
- (no CPE)range: < 5.1.1~dev5-3.5.4
- (no CPE)range: < 5.0.1~dev11-3.8.3
- (no CPE)range: < 5.0.1~dev11-3.8.3
- (no CPE)range: < 5.0.1~dev11-3.8.3
- (no CPE)range: < 5.0.1~dev11-3.8.3
- (no CPE)range: < 5.0.1~dev11-3.8.3
- (no CPE)range: < 5.0.1~dev11-3.8.3
- (no CPE)range: < 11.1.2~dev14-3.6.3
- (no CPE)range: < 11.1.2~dev14-3.6.3
- (no CPE)range: < 11.1.2~dev14-3.6.3
- (no CPE)range: < 11.1.2~dev14-3.6.4
- (no CPE)range: < 11.1.2~dev14-3.6.4
- (no CPE)range: < 11.1.2~dev14-3.6.4
- (no CPE)range: < 12.0.4~dev1-3.8.3
- (no CPE)range: < 10.0.6~dev4-4.15.1
- (no CPE)range: < 12.0.4~dev1-3.8.3
- (no CPE)range: < 12.0.4~dev1-3.8.3
- (no CPE)range: < 5.0.2~dev5-3.5.3
- (no CPE)range: < 5.0.2~dev5-3.5.3
- (no CPE)range: < 5.0.2~dev5-3.5.3
- (no CPE)range: < 5.0.2~dev5-3.5.3
- (no CPE)range: < 5.0.2~dev5-3.5.3
- (no CPE)range: < 5.0.2~dev5-3.5.3
- (no CPE)range: < 15.0.2~dev4-3.3.3
- (no CPE)range: < 15.0.2~dev4-3.3.3
- (no CPE)range: < 15.0.2~dev4-3.3.3
- (no CPE)range: < 15.0.2~dev4-3.3.3
- (no CPE)range: < 15.0.2~dev4-3.3.3
- (no CPE)range: < 15.0.2~dev4-3.3.3
- (no CPE)range: < 9.0.5~dev11-3.6.3
- (no CPE)range: < 7.0.7~dev10-5.12.1
- (no CPE)range: < 9.0.5~dev11-3.6.3
- (no CPE)range: < 9.0.5~dev11-3.6.3
- (no CPE)range: < 9.0.5~dev11-3.6.4
- (no CPE)range: < 7.0.7~dev10-5.12.1
- (no CPE)range: < 9.0.5~dev11-3.6.4
- (no CPE)range: < 9.0.5~dev11-3.6.4
- (no CPE)range: < 0.0.0+git.1525957319.6b5a7cd-3.3.3
- (no CPE)range: < 0.0.0+git.1525957319.6b5a7cd-3.3.3
- (no CPE)range: < 0.0.0+git.1525957319.6b5a7cd-3.3.3
- (no CPE)range: < 5.0.2~dev5-3.3.5
- (no CPE)range: < 3.0.2~dev1-3.6.1
- (no CPE)range: < 5.0.2~dev5-3.3.5
- (no CPE)range: < 5.0.2~dev5-3.3.5
- (no CPE)range: < 5.0.1~dev6-3.3.5
- (no CPE)range: < 5.0.1~dev6-3.3.5
- (no CPE)range: < 5.0.1~dev6-3.3.5
- (no CPE)range: < 5.0.1~dev21-4.3.3
- (no CPE)range: < 5.0.1~dev21-4.3.3
- (no CPE)range: < 5.0.1~dev21-4.3.3
- (no CPE)range: < 2.10.3~dev4-4.5.5
- (no CPE)range: < 2.10.3~dev4-4.5.5
- (no CPE)range: < 2.10.3~dev4-4.5.5
- (no CPE)range: < 3.0.3~dev2-3.5.4
- (no CPE)range: < 3.0.3~dev2-3.5.4
- (no CPE)range: < 3.0.3~dev2-3.5.4
- (no CPE)range: < 9.0.1~dev7-3.3.5
- (no CPE)range: < 9.0.1~dev7-3.3.5
- (no CPE)range: < 9.0.1~dev7-3.3.5
- (no CPE)range: < 9.1.5~dev7-3.6.3
- (no CPE)range: < 9.1.5~dev7-3.6.3
- (no CPE)range: < 9.1.5~dev7-3.6.3
- (no CPE)range: < 9.1.5~dev7-3.6.3
- (no CPE)range: < 9.1.5~dev7-3.6.3
- (no CPE)range: < 9.1.5~dev7-3.6.3
- (no CPE)range: < 12.0.1~dev19-5.8.3
- (no CPE)range: < 10.0.3~dev9-7.12.1
- (no CPE)range: < 12.0.1~dev19-5.8.3
- (no CPE)range: < 12.0.1~dev19-5.8.3
- (no CPE)range: < 12.0.1~dev19-5.8.3
- (no CPE)range: < 10.0.3~dev9-7.12.1
- (no CPE)range: < 12.0.1~dev19-5.8.3
- (no CPE)range: < 12.0.1~dev19-5.8.3
- (no CPE)range: < 5.0.2~dev55-3.6.3
- (no CPE)range: < 5.0.2~dev55-3.6.3
- (no CPE)range: < 5.0.2~dev55-3.6.3
- (no CPE)range: < 5.0.2~dev55-3.6.4
- (no CPE)range: < 5.0.2~dev55-3.6.4
- (no CPE)range: < 5.0.2~dev55-3.6.4
- (no CPE)range: < 11.0.6~dev63-3.6.3
- (no CPE)range: < 11.0.6~dev63-3.6.3
- (no CPE)range: < 11.0.6~dev63-3.6.3
- (no CPE)range: < 11.0.6~dev63-3.6.3
- (no CPE)range: < 11.0.6~dev63-3.6.3
- (no CPE)range: < 11.0.6~dev63-3.6.3
- (no CPE)range: < 11.0.2~dev7-3.5.3
- (no CPE)range: < 11.0.2~dev7-3.5.3
- (no CPE)range: < 11.0.2~dev7-3.5.3
- (no CPE)range: < 11.0.2~dev7-3.5.3
- (no CPE)range: < 11.0.2~dev7-3.5.3
- (no CPE)range: < 11.0.2~dev7-3.5.3
- (no CPE)range: < 11.0.4~dev4-3.3.4
- (no CPE)range: < 11.0.4~dev4-3.3.4
- (no CPE)range: < 11.0.4~dev4-3.3.4
- (no CPE)range: < 11.0.4~dev4-3.3.3
- (no CPE)range: < 11.0.4~dev4-3.3.3
- (no CPE)range: < 11.0.4~dev4-3.3.3
- (no CPE)range: < 11.0.1~dev1-3.3.3
- (no CPE)range: < 11.0.1~dev1-3.3.3
- (no CPE)range: < 11.0.1~dev1-3.3.3
- (no CPE)range: < 11.0.1~dev1-3.3.3
- (no CPE)range: < 11.0.1~dev1-3.3.3
- (no CPE)range: < 11.0.1~dev1-3.3.3
- (no CPE)range: < 8.0.1~dev12-4.3.3
- (no CPE)range: < 8.0.1~dev12-4.3.3
- (no CPE)range: < 8.0.1~dev12-4.3.3
- (no CPE)range: < 16.1.5~dev49-3.8.4
- (no CPE)range: < 14.0.11~dev13-4.25.1
- (no CPE)range: < 16.1.5~dev49-3.8.4
- (no CPE)range: < 16.1.5~dev49-3.8.4
- (no CPE)range: < 16.1.5~dev49-3.8.4
- (no CPE)range: < 14.0.11~dev13-4.25.1
- (no CPE)range: < 16.1.5~dev49-3.8.4
- (no CPE)range: < 16.1.5~dev49-3.8.4
- (no CPE)range: < 8.0.1~dev56-3.3.4
- (no CPE)range: < 8.0.1~dev56-3.3.4
- (no CPE)range: < 8.0.1~dev56-3.3.4
- (no CPE)range: < 1.0.3~dev21-4.6.3
- (no CPE)range: < 1.0.3~dev21-4.6.3
- (no CPE)range: < 1.0.3~dev21-4.6.3
- (no CPE)range: < 8.0.1~dev11-3.3.3
- (no CPE)range: < 8.0.1~dev11-3.3.3
- (no CPE)range: < 8.0.1~dev11-3.3.3
- (no CPE)range: < 8.0.1~dev11-3.3.3
- (no CPE)range: < 8.0.1~dev11-3.3.3
- (no CPE)range: < 8.0.1~dev11-3.3.3
- (no CPE)range: < 4.5.2-4.3.2
- (no CPE)range: < 4.5.2-4.3.2
- (no CPE)range: < 4.5.2-4.3.2
- (no CPE)range: < 0.0.2-3.3.2
- (no CPE)range: < 0.0.2-3.3.2
- (no CPE)range: < 0.0.2-3.3.2
- (no CPE)range: < 1.17.3-3.3.2
- (no CPE)range: < 1.17.3-3.3.2
- (no CPE)range: < 1.17.3-3.3.2
- (no CPE)range: < 1.2.1-3.3.1
- (no CPE)range: < 11.0.3~dev16-3.3.2
- (no CPE)range: < 11.0.3~dev16-3.3.2
- (no CPE)range: < 11.0.3~dev16-3.3.2
- (no CPE)range: < 11.0.4~dev7-3.3.2
- (no CPE)range: < 11.0.4~dev7-3.3.2
- (no CPE)range: < 11.0.4~dev7-3.3.2
- (no CPE)range: < 5.0.1-12.4.1
- (no CPE)range: < 5.0.1-12.4.1
- (no CPE)range: < 5.0.1-12.5.1
- (no CPE)range: < 5.0.1-12.5.1
- (no CPE)range: < 11.0.2-14.5.1
- (no CPE)range: < 11.0.2-14.5.1
- (no CPE)range: < 5.0.1-12.3.1
- (no CPE)range: < 5.0.1-12.3.1
- (no CPE)range: < 15.0.1-12.3.1
- (no CPE)range: < 15.0.1-12.3.1
- (no CPE)range: < 9.0.1-12.5.1
- (no CPE)range: < 9.0.1-12.5.1
- (no CPE)range: < 11.0.2-14.6.1
- (no CPE)range: < 11.0.2-14.6.1
- (no CPE)range: < 9.1.3-12.5.1
- (no CPE)range: < 9.1.3-12.5.1
- (no CPE)range: < 12.0.1-11.5.1
- (no CPE)range: < 12.0.1-11.5.1
- (no CPE)range: < 5.0.2-11.4.1
- (no CPE)range: < 5.0.2-11.4.1
- (no CPE)range: < 5.0.2-12.5.1
- (no CPE)range: < 5.0.2-12.5.1
- (no CPE)range: < 11.0.2-13.8.1
- (no CPE)range: < 11.0.2-13.8.1
- (no CPE)range: < 16.0.3-11.6.1
- (no CPE)range: < 16.0.3-11.6.1
- (no CPE)range: < 1.0.2-12.5.1
- (no CPE)range: < 1.0.2-12.5.1
- (no CPE)range: < 7.0.1-11.4.1
- (no CPE)range: < 7.0.1-11.4.1
- (no CPE)range: < 8.0.0.0-11.4.1
- (no CPE)range: < 8.0.0.0-11.4.1

Patches

ade177ad357d

Reduce duplication in federated auth APIs

https://github.com/openstack/keystoneLance BragstadJul 25, 2018via osv

commit

2 files changed · +57 −15

keystone/federation/controllers.py+4 −15 modified

@@ -447,13 +447,8 @@ def list_domains_for_user(self, request):
         :returns: list of accessible domains
 
         """
-        domains = self.assignment_api.list_domains_for_groups(
-            request.auth_context['group_ids'])
-        domains = domains + self.assignment_api.list_domains_for_user(
-            request.auth_context['user_id'])
-        # remove duplicates
-        domains = [dict(t) for t in set([tuple(d.items()) for d in domains])]
-        return DomainV3.wrap_collection(request.context_dict, domains)
+        controller = auth_controllers.Auth()
+        return controller.get_auth_domains(request)
 
 
 @dependency.requires('assignment_api', 'resource_api')
@@ -473,14 +468,8 @@ def list_projects_for_user(self, request):
         :returns: list of accessible projects
 
         """
-        projects = self.assignment_api.list_projects_for_groups(
-            request.auth_context['group_ids'])
-        projects = projects + self.assignment_api.list_projects_for_user(
-            request.auth_context['user_id'])
-        # remove duplicates
-        projects = [dict(t) for t in set([tuple(d.items()) for d in projects])]
-        return ProjectAssignmentV3.wrap_collection(request.context_dict,
-                                                   projects)
+        controller = auth_controllers.Auth()
+        return controller.get_auth_projects(request)
 
 
 @dependency.requires('federation_api')

keystone/tests/unit/test_v3_auth.py+53 −0 modified

@@ -5090,6 +5090,59 @@ def test_get_domains_project_scoped_token(self):
         self.assertThat(r.json['domains'], matchers.HasLength(1))
         self.assertValidDomainListResponse(r)
 
+    def test_get_projects_matches_federated_get_projects(self):
+        # create at least one addition project to make sure it doesn't end up
+        # in the response, since the user doesn't have any authorization on it
+        ref = unit.new_project_ref(domain_id=CONF.identity.default_domain_id)
+        r = self.post('/projects', body={'project': ref})
+        unauthorized_project_id = r.json['project']['id']
+
+        r = self.get('/auth/projects', expected_status=http_client.OK)
+        self.assertThat(r.json['projects'], matchers.HasLength(1))
+        for project in r.json['projects']:
+            self.assertNotEqual(unauthorized_project_id, project['id'])
+
+        expected_project_id = r.json['projects'][0]['id']
+
+        # call GET /v3/OS-FEDERATION/projects
+        r = self.get('/OS-FEDERATION/projects', expected_status=http_client.OK)
+
+        # make sure the response is the same
+        self.assertThat(r.json['projects'], matchers.HasLength(1))
+        for project in r.json['projects']:
+            self.assertEqual(expected_project_id, project['id'])
+
+    def test_get_domains_matches_federated_get_domains(self):
+        # create at least one addition domain to make sure it doesn't end up
+        # in the response, since the user doesn't have any authorization on it
+        ref = unit.new_domain_ref()
+        r = self.post('/domains', body={'domain': ref})
+        unauthorized_domain_id = r.json['domain']['id']
+
+        ref = unit.new_domain_ref()
+        r = self.post('/domains', body={'domain': ref})
+        authorized_domain_id = r.json['domain']['id']
+
+        path = '/domains/%(domain_id)s/users/%(user_id)s/roles/%(role_id)s' % {
+            'domain_id': authorized_domain_id,
+            'user_id': self.user_id,
+            'role_id': self.role_id
+        }
+        self.put(path, expected_status=http_client.NO_CONTENT)
+
+        r = self.get('/auth/domains', expected_status=http_client.OK)
+        self.assertThat(r.json['domains'], matchers.HasLength(1))
+        self.assertEqual(authorized_domain_id, r.json['domains'][0]['id'])
+        self.assertNotEqual(unauthorized_domain_id, r.json['domains'][0]['id'])
+
+        # call GET /v3/OS-FEDERATION/domains
+        r = self.get('/OS-FEDERATION/domains', expected_status=http_client.OK)
+
+        # make sure the response is the same
+        self.assertThat(r.json['domains'], matchers.HasLength(1))
+        self.assertEqual(authorized_domain_id, r.json['domains'][0]['id'])
+        self.assertNotEqual(unauthorized_domain_id, r.json['domains'][0]['id'])
+
 
 class TestTrustAuthFernetTokenProvider(TrustAPIBehavior, TestTrustChain):
     def config_overrides(self):

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

access.redhat.com/errata/RHSA-2018:2523mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2533mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2018:2543mitrevendor-advisoryx_refsource_REDHAT
www.debian.org/security/2018/dsa-4275mitrevendor-advisoryx_refsource_DEBIAN
www.openwall.com/lists/oss-security/2018/07/25/2mitremailing-listx_refsource_MLIST
www.securityfocus.com/bid/104930mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000