PT-2013-5034 · Openstack · Openstack Identity

Blk-U

Published: 2013-11-02 · Updated: 2022-05-17

CVE-2013-4477

CVSS v2.0: 3.3 (Low)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions
OpenStack Identity (Keystone) versions Grizzly through Havana

Description
The issue in OpenStack Identity (Keystone) allows local users to gain privileges: when a role is removed on a tenant for a user who does not have that role, the role is instead added to the user.

Recommendations
For OpenStack Identity (Keystone) versions Grizzly through Havana, consider restricting access to the LDAP backend until a fix is available. As a temporary workaround, manually review and correct user roles after removal to prevent unintended privilege escalation.


Related Identifiers

CVE-2013-4477
GHSA-F889-WFWM-6P7M
RHSA-2014:0113

Affected Products

Openstack Identity