Privilege escalation in Openstack Keystone

CVE-2014-0204

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same…

Vulnerability class: Privilege Escalation

EPSS: 0.004 (58.0th percentile) — read the EPSS interpretation.

Affected products

Openstack Keystone
N/a — versions n/a

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

secalert@redhat.com (x_refsource_CONFIRM, Exploit, Third Party Advisory, Issue Tracking)
secalert@redhat.com (x_refsource_CONFIRM, Patch, Third Party Advisory)
[oss-security] 20140521 [OSSA 2014-015] Keystone user and group id mismatch (CVE-2014-0204) (mailing-list, x_refsource_MLIST, Patch, Mailing List, Third Party Advisory)