Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated actor could both confirm the account exists and obtain that account's corresponding UUID, which might be leveraged for other unrelated attacks. All deployments enabling security_compliance.lockout_failure_attempts are affected.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenStack 安全漏洞
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。 OpenStack Keystone 中存在安全漏洞,该漏洞源于产品未能限制用户某些恶意请求。攻击者可通过账户锁定操作来猜测账户名称以及获得UUID。以下产品及版本受到影响:OpenStack Keystone 10.x 至 16.0.2 版本, OpenStack Keystone 17.x 至 17.0.1 版本
CVSS Information
N/A
Vulnerability Type
N/A