Grzegorz Grasza

**Name of the Vulnerable Software and Affected Versions** OpenStack (affected versions not specified) **Description** An issue exists in OpenStack’s keystonemiddleware component that could allow for privilege escalation or impersonation. An authenticated attacker may be able to elevate their privileges or assume the identity of another user by forging identity headers, such as `X-Is-Admin-Project`, `X-Roles`, or `X-User-Id`, within external OAuth2 tokens. The issue allows users to ‘ask’ for root access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenStack Barbican (affected versions not specified) **Description** A credentials leak flaw was found in OpenStack Barbican, allowing a local authenticated attacker to read the configuration file and gain access to sensitive credentials. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.