PublicDateAtUSN: 2014-10-02
Candidate: CVE-2014-3621
PublicDate: 2014-10-02 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3621
 https://marc.info/?l=oss-security&m=141089591711697&w=2
 https://ubuntu.com/security/notices/USN-2406-1
Description:
 The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3
 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read
 sensitive configuration options via a crafted endpoint, as demonstrated by
 "$(admin_token)" in the publicurl endpoint field.
Ubuntu-Description:
Notes:
 jdstrand> 12.04 is affected. Create test service and malicious endpoint as
  per the bug, then do (assumes 'testadmin' is in the 'admin' project; use
  tenant id from `keystone tenant-list|grep admin`):
  curl -k -X 'POST' -v http://127.0.0.1:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "testadmin", "password":""}, "tenantId": ""}}' -H 'Content-type: application/json' | python -m json.tool
Bugs:
 https://bugs.launchpad.net/keystone/+bug/1354208
Priority: medium
Discovered-by: Brant Knudson
Assigned-to:
CVSS:

Patches_keystone:
 upstream: https://review.openstack.org/121889 (juno)
 upstream: https://review.openstack.org/121890 (icehouse)
 upstream: https://review.openstack.org/121891 (havana)
upstream_keystone: released (2013.2.3, 2014.1.2.1)
lucid_keystone: DNE
precise_keystone: ignored (reached end-of-life)
precise/esm_keystone: DNE (precise was needed)
trusty_keystone: released (1:2014.1.3-0ubuntu1)
trusty/esm_keystone: DNE (trusty was released [1:2014.1.3-0ubuntu1])
utopic_keystone: released (1:2014.2~rc1-0ubuntu1)
vivid_keystone: released (1:2014.2~rc1-0ubuntu1)
vivid/stable-phone-overlay_keystone: DNE
vivid/ubuntu-core_keystone: DNE
wily_keystone: released (1:2014.2~rc1-0ubuntu1)
xenial_keystone: released (1:2014.2~rc1-0ubuntu1)
esm-infra/xenial_keystone: released (1:2014.2~rc1-0ubuntu1)
yakkety_keystone: released (1:2014.2~rc1-0ubuntu1)
zesty_keystone: released (1:2014.2~rc1-0ubuntu1)
devel_keystone: released (1:2014.2~rc1-0ubuntu1)