PT-2014-3534 · OpenStack · OpenStack Identity

Published: 2014-11-03 · Updated: 2022-05-13 · CVE-2014-0204

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

OpenStack Identity (Keystone) versions prior to 2014.1.1

Description

The issue arises from improper handling of role assignments to groups with IDs identical to those of users, allowing remote authenticated users to gain privileges assigned to a group with the same ID.

Recommendations

For versions prior to 2014.1.1, update to version 2014.1.1 or later to resolve the issue.

Exploit

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2014-0204
GHSA-C4P9-87H3-7VR4

Affected Products

OpenStack Identity