PT-2020-10908 · Suse · Suse Openstack Cloud

Published

2020-01-17

Updated

2020-10-22

CVE-2019-3683

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SUSE Openstack Cloud 8 versions before commit d7888c75505465490250c00cc0ef4bb1af662f9f

Description The issue allows every user listed in the /etc/keystone/user-project-map.json file to be assigned full member role access to every project, enabling them to access, modify, create, and delete arbitrary resources, contrary to expectations.

Recommendations For SUSE Openstack Cloud 8 versions before commit d7888c75505465490250c00cc0ef4bb1af662f9f, update to a version that includes the fix commit d7888c75505465490250c00cc0ef4bb1af662f9f to resolve the issue.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2019-3683

Affected Products

Suse Openstack Cloud

PT-2020-10908 · Suse · Suse Openstack Cloud

CVE-2019-3683

Weakness Enumeration

Related Identifiers

Affected Products

References · 4