Openstack · Openstack Octavia · CVE-2019-17134
**Name of the Vulnerable Software and Affected Versions**
OpenStack Octavia versions 0.10.0 through 2.1.2
OpenStack Octavia versions 3.0.0 through 3.2.0
OpenStack Octavia versions 4.0.0 through 4.1.0
**Description**
The issue is a flaw in the authentication procedure of the Amphora load balancer agent in OpenStack Octavia. It allows an attacker with access to the management network to bypass client-certificate based authentication. As a result, the attacker can retrieve information or issue configuration commands via simple HTTP requests to the Agent on port https/9443. The problem arises because the `cmd/agent.py` gunicorn `cert_reqs` option is set to `True` but should be set to `ssl.CERT_REQUIRED`.
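The root cause is easy to miss in review: gunicorn passes `cert_reqs` straight through to the standard `ssl` module, where the legal values are `ssl.CERT_NONE` (0), `ssl.CERT_OPTIONAL` (1) and `ssl.CERT_REQUIRED` (2). Because `bool` is a subclass of `int`, `True` is interpreted as 1, i.e. `CERT_OPTIONAL`: the server asks for a client certificate but still completes the handshake when none is presented. The following added example (not Octavia's or gunicorn's own code) shows that interpretation with a real `SSLContext` and wraps it in a small audit function you could run over a gunicorn settings dict; the settings dict and the `audit_cert_reqs` helper are constructed for illustration.

```python
import ssl

# Gunicorn's `cert_reqs` setting becomes the server SSLContext's verify_mode.
# The ssl module defines three legal values:
#   ssl.CERT_NONE     == 0 -> never ask the client for a certificate
#   ssl.CERT_OPTIONAL == 1 -> request one, but accept connections without it
#   ssl.CERT_REQUIRED == 2 -> refuse the handshake unless a valid client cert is presented
# bool is a subclass of int, so True == 1 == CERT_OPTIONAL. That is the
# CVE-2019-17134 misconfiguration: the agent requests a client certificate
# but does not reject clients that omit it.


def effective_verify_mode(cert_reqs):
    """Apply a `cert_reqs` value to a server-side SSLContext exactly as the
    ssl module interprets it and return the resulting ssl.VerifyMode.
    Raises ValueError for values the ssl module does not accept."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = cert_reqs
    return ctx.verify_mode


def enforces_client_cert(cert_reqs):
    """True only when the value makes the server refuse clients without a cert."""
    return effective_verify_mode(cert_reqs) == ssl.CERT_REQUIRED


def audit_cert_reqs(gunicorn_settings):
    """Audit the `cert_reqs` key of a gunicorn settings dict (a constructed
    input for this example, not read from a live deployment).

    Returns (ok, finding). `ok` is True only when client certificates are
    actually required. Missing key defaults to 0, which gunicorn documents
    as its default (CERT_NONE)."""
    value = gunicorn_settings.get("cert_reqs", 0)

    # A bool is always wrong: False -> CERT_NONE, True -> CERT_OPTIONAL.
    if isinstance(value, bool):
        mode = effective_verify_mode(value)
        return False, (f"cert_reqs={value!r} is a bool and is interpreted as "
                       f"{mode.name}; set it to ssl.CERT_REQUIRED (2)")

    try:
        mode = effective_verify_mode(value)
    except (ValueError, TypeError) as exc:
        return False, f"cert_reqs={value!r} is not a valid verify mode: {exc}"

    if mode == ssl.CERT_REQUIRED:
        return True, "cert_reqs=CERT_REQUIRED: client certificate is enforced"
    return False, f"cert_reqs={mode.name}: client certificate is not required"


if __name__ == "__main__":
    # Vulnerable setting beside the corrected one.
    vulnerable = {"cert_reqs": True}           # what CVE-2019-17134 describes
    fixed = {"cert_reqs": ssl.CERT_REQUIRED}   # the documented fix
    for label, settings in (("vulnerable", vulnerable), ("fixed", fixed)):
        ok, finding = audit_cert_reqs(settings)
        print(f"{label:10s} ok={ok!s:5s} {finding}")
```

Running the script prints the `CERT_OPTIONAL` interpretation for the vulnerable setting and the enforced result for the fixed one. The `isinstance(value, bool)` check is deliberately separate from the numeric comparison: a linter or config test that only compares `cert_reqs == 2` would also catch `True`, but reporting the bool explicitly makes the review finding self-explanatory.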
**Recommendations**
For OpenStack Octavia versions 0.10.0 through 2.1.2, update to version 2.1.2 or later to resolve the issue.
For OpenStack Octavia versions 3.0.0 through 3.2.0, update to version 3.2.0 or later to resolve the issue.
For OpenStack Octavia versions 4.0.0 through 4.1.0, update to version 4.1.0 or later to resolve the issue.
As a temporary workaround, consider restricting access to the Agent on port https/9443 to minimize the risk of exploitation.