Sean Mooney

**Name of the Vulnerable Software and Affected Versions** OpenStack Cyborg versions prior to 16.0.1 **Description** Multiple API endpoints use `rule:allow` (check str='@') as the default policy, which unconditionally authorizes any request containing a valid Keystone token. This occurs regardless of the user's roles, project membership, or scope. Consequently, an authenticated user with no assigned roles can perform various actions, including reprogramming FPGA (Field Programmable Gate Array) bitstreams on arbitrary compute nodes via agent RPC (Remote Procedure Call). **Recommendations** Update to version 16.0.1.

**Name of the Vulnerable Software and Affected Versions** OpenStack Cyborg versions prior to 16.0.1 **Description** The Accelerator Request (ARQ) API fails to enforce project ownership. The `project id` database column remains unpopulated, database queries lack project filtering, and policy checks are self-referential because the `authorize wsgi` function compares the caller's `project id` with itself instead of the target resource. This allows any authenticated non-admin user to perform actions, such as deleting ARQs associated with instances from other projects, leading to a cross-tenant denial of service. **Recommendations** Update to version 16.0.1.