What is CVE-2019-3683?

CVE-2019-3683 is a high-severity vulnerability in Suse Openstack Cloud 8, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 8.8/10. Published 2020-01-17.

How severe is CVE-2019-3683?

High severity. CVSS v3 base score is 8.8 out of 10.

Vulnerability in Suse Openstack Cloud 8

CVE-2019-3683

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. Thi…

EPSS: 0.003 (49.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Suse Openstack Cloud 8 — versions keystone-json-assignment

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource

References

bugzilla.suse.com/show_bug.cgi (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2019-3683?: CVE-2019-3683 is a high-severity vulnerability in Suse Openstack Cloud 8, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 8.8/10. Published 2020-01-17.
How severe is CVE-2019-3683?: High severity. CVSS v3 base score is 8.8 out of 10.