PT-2017-15467 · Openstack+1 · Openstack Identity Service+1

Boris Bobrov

Publicado

2017-04-27

Atualizado

2023-02-12

CVE-2017-2673

CVSS v4.0

8.6

Alta

Vetor

AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Identity service (keystone) (affected versions not specified)

Description An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service. This issue allows an authenticated federated user to request permissions to a project and unintentionally be granted all related roles, including administrative roles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

CVE-2017-2673

GHSA-J36M-HV43-7W7M

PYSEC-2018-152

RHSA-2017:1461

RHSA-2017:1597

USN-3448-1

Produtos afetados

Openstack Identity Service

Ubuntu

PT-2017-15467 · Openstack+1 · Openstack Identity Service+1

CVE-2017-2673

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24