CVE-2014-0204

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

Published Bysecalert@redhat.com

Published DateNov 03, 2014, 23:55

Affected Versions(1)

keystone(PyPI)

Introduced0

Fixed8.0.0a0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
keystone(PyPI)	0	8.0.0a0	N/A

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

6.5

Vector String

AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-269

CVSS Metrics

Base Score

6.5

Vector String

AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL