Kristi Nikolla

#48025 of 53,633
5.3 CVSS total
Vulnerabilities · 1
PT-2018-12509
5.3
2018-07-31
OpenStack · OpenStack Keystone · CVE-2018-14432
**Name of the Vulnerable Software and Affected Versions**

OpenStack Keystone versions prior to 11.0.4
OpenStack Keystone versions prior to 12.0.0
OpenStack Keystone versions prior to 13.0.0

**Description**

The issue allows an authenticated user to bypass access restrictions on listing projects via a "GET /v3/OS-FEDERATION/projects" request, potentially leaking all projects in the deployment and their attributes. This affects Keystone instances with the /v3/OS-FEDERATION endpoint enabled.

**Recommendations**

For versions prior to 11.0.4, update to version 11.0.4 or later.
For versions prior to 12.0.0, update to version 12.0.0 or later.
For versions prior to 13.0.0, update to version 13.0.0 or later.