CVE-2014-3621 (retired)

Priority
Description
The catalog url replacement in OpenStack Identity (Keystone) before
2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to
read sensitive configuration options via a crafted endpoint, as
demonstrated by "$(admin_token)" in the publicurl endpoint field.
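An added example, not Keystone's code or the upstream patch: a defensive audit that flags catalog endpoint URLs containing substitution placeholders outside an allowlist, plus a formatter that refuses to expand them. The allowlist contents, function names and sample endpoint rows are assumptions made for illustration.

```python
import re

# Matches "$(name)" and "%(name)"; the key is reported even without a trailing
# type character, so the bare "$(admin_token)" form is caught too.
KEY_RE = re.compile(r"[$%]\((\w+)\)")
SUBST_RE = re.compile(r"[$%]\((\w+)\)s")

# Illustrative allowlist (an assumption, not taken from the page).
ALLOWED_KEYS = frozenset({"tenant_id", "user_id", "public_port", "admin_port"})
URL_FIELDS = ("publicurl", "internalurl", "adminurl")

# Constructed sample catalog rows; ep-2 carries the placeholder named in the CVE.
SAMPLE_ENDPOINTS = [
    {"id": "ep-1", "publicurl": "http://10.0.0.5:8774/v2/$(tenant_id)s",
     "internalurl": "http://10.0.0.5:8774/v2/%(tenant_id)s",
     "adminurl": "http://10.0.0.5:$(admin_port)s/v2.0"},
    {"id": "ep-2", "publicurl": "http://10.0.0.9/$(admin_token)",
     "internalurl": None, "adminurl": "http://10.0.0.9/"},
]


def disallowed_keys(url, allowed=ALLOWED_KEYS):
    """Return placeholder names in url that are not allowlisted, in order."""
    return [k for k in KEY_RE.findall(url or "") if k not in allowed]


def audit_endpoints(endpoints, allowed=ALLOWED_KEYS):
    """Return (endpoint_id, field, key) for each non-allowlisted placeholder."""
    return [(ep.get("id"), field, key)
            for ep in endpoints
            for field in URL_FIELDS
            for key in disallowed_keys(ep.get(field), allowed)]


def format_url(url, values, allowed=ALLOWED_KEYS):
    """Expand allowlisted placeholders only; refuse anything else."""
    bad = disallowed_keys(url, allowed)
    if bad:
        raise ValueError("disallowed substitution key(s): " + ", ".join(bad))

    def expand(match):
        key = match.group(1)
        if key not in values:
            raise ValueError("no value supplied for key: " + key)
        return str(values[key])

    return SUBST_RE.sub(expand, url)
```

Running `audit_endpoints` over an export of the endpoint table shows which existing rows reference keys outside the allowlist.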
Notes
 jdstrand> 12.04 is affected. Create test service and malicious endpoint as
  per the bug, then do (assumes 'testadmin' is in the 'admin' project (use
  tenant id from `keystone tenant-list|grep admin`)):
  curl -k -X 'POST' -v http://127.0.0.1:5000/v2.0/tokens -d '{"auth":{"passwordCredentials":{"username": "testadmin", "password":"<pass>"}, "tenantId": "<id>"}}' -H 'Content-type: application/json' | python -m json.tool
Package
Upstream: released (2013.2.3, 2014.1.2.1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was needed)
Ubuntu 14.04 LTS (Trusty Tahr): released (1:2014.1.3-0ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus): released (1:2014.2~rc1-0ubuntu1)
Patches:
Upstream: https://review.openstack.org/121889 (juno)
Upstream: https://review.openstack.org/121890 (icehouse)
Upstream: https://review.openstack.org/121891 (havana)

Updated: 2019-03-26 12:13:08 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)