Vulnerability	Vulnerable Version
M Information Exposure keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family. Affected versions of this package are vulnerable to Information Exposure during account locking. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding `UUID`, which might be leveraged for other unrelated attacks. How to fix Information Exposure? Upgrade `keystone` to version 16.0.2, 17.0.1, 18.1.0, 20.0.0 or higher.	[,16.0.2)[17.0.0,17.0.1)[18.0.0,18.1.0)[19.0.0,20.0.0)

Information Exposure

keystone is a package that provides authentication, authorization and service discovery mechanisms via HTTP primarily for use by projects in the OpenStack family.

Affected versions of this package are vulnerable to Information Exposure during account locking. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks.

How to fix Information Exposure?

Upgrade keystone to version 16.0.2, 17.0.1, 18.1.0, 20.0.0 or higher.

[,16.0.2)[17.0.0,17.0.1)[18.0.0,18.1.0)[19.0.0,20.0.0)

Go back to all versions of this package