https://bugs.launchpad.net/keystone/+bug/1872737
External References: https://security.openstack.org/ossa/OSSA-2020-003.html
Patches are available for train/stein/rocky/pike from the upstream bug page (linked in the first comment)
Created openstack-keystone tracking bugs for this issue: Affects: openstack-rdo [bug 1833168]
Acknowledgments: Name: kay (OpenStack)
This issue has been addressed in the following products: Red Hat OpenStack Platform 13.0 (Queens) Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS Via RHSA-2020:2732 https://access.redhat.com/errata/RHSA-2020:2732
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12692
This issue has been addressed in the following products: Red Hat OpenStack Platform 15.0 (Stein) Via RHSA-2020:3102 https://access.redhat.com/errata/RHSA-2020:3102