CVE-2017-2673

CVSS v4.0

8.6

High

Vector

AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Identity service (keystone) (affected versions not specified)

Description An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service. This issue allows an authenticated federated user to request permissions to a project and unintentionally be granted all related roles, including administrative roles.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2017-2673

GHSA-J36M-HV43-7W7M

PYSEC-2018-152

RHSA-2017:1461

RHSA-2017:1597

USN-3448-1

Affected Products

Openstack Identity Service

Ubuntu

CVE-2017-2673

Weakness Enumeration

Related Identifiers

Affected Products

References · 24