USN-4262-1: OpenStack Keystone vulnerability

30 January 2020

keystone vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 19.10

Summary

OpenStack Keystone could be made to expose sensitive information over the network.

Software Description

  • keystone - OpenStack identity service

Details

Daniel Preussker discovered that OpenStack Keystone incorrectly handled the list credentials API. A user with a role on the project could use this issue to view any other user’s credentials.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10
keystone - 2:16.0.0-0ubuntu1.1
python3-keystone - 2:16.0.0-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References