Sensitive Configuration Options Disclosure in OpenStack Identity (Keystone)

CVE-2014-3621 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:N/A:N

The catalog URL replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field.
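The flaw class described above, shown as an added example that is not Keystone's own code: a simplified model in which endpoint placeholders are expanded with Python %-formatting, first against every configuration option and then against an allow-list. `CONF`, `ALLOWED_KEYS`, the function names, the host name and all values are assumptions constructed for illustration.

```python
import re

# Constructed stand-in for the service configuration (values are made up).
CONF = {"public_port": 5000, "admin_port": 35357, "admin_token": "CONSTRUCTED-SECRET"}

# Assumed allow-list: the only keys an endpoint URL may reference.
ALLOWED_KEYS = frozenset({"public_port", "admin_port", "tenant_id", "user_id"})

_PLACEHOLDER = re.compile(r"\$\((\w+)\)")


def format_url_unsafe(url, request_values):
    """Pre-fix pattern: every configuration option is a valid substitution."""
    data = dict(CONF, **request_values)
    return url.replace("$(", "%(") % data


def format_url_allowlisted(url, request_values):
    """Hardened pattern: substitute only from allow-listed keys, else reject."""
    data = dict(CONF, **request_values)
    safe = {k: v for k, v in data.items() if k in ALLOWED_KEYS}
    try:
        return url.replace("$(", "%(") % safe
    except (KeyError, TypeError, ValueError) as exc:
        # Unknown key or malformed placeholder: fail closed, do not echo config.
        raise ValueError(f"rejected endpoint URL {url!r}: {exc!r}") from None


def disallowed_placeholders(url):
    """Audit helper: placeholders in a stored endpoint outside the allow-list."""
    return sorted(set(_PLACEHOLDER.findall(url)) - ALLOWED_KEYS)


if __name__ == "__main__":
    benign = "http://keystone.example:$(public_port)s/v2.0/$(tenant_id)s"
    crafted = "http://keystone.example:$(public_port)s/$(admin_token)s"
    print(format_url_unsafe(crafted, {}))  # secret ends up in the catalog URL
    print(format_url_allowlisted(benign, {"tenant_id": "t1"}))
    print(disallowed_placeholders(crafted))
    try:
        format_url_allowlisted(crafted, {})
    except ValueError as err:
        print(err)
```

`disallowed_placeholders` can be run over endpoint URLs already stored in a catalog to flag entries that reference keys outside the allow-list.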