GSA_kwCzR0hTQS1mODg5LXdmd20tNnA3bc4AAeuL

Low EPSS: 0.00064% (0.20019 Percentile) EPSS:

Permalink JSON

OpenStack Identity Keystone Privilege Escalation vulnerability

Affected Packages	Affected Versions	Fixed Versions
pypi:keystone	< 8.0.0a0	8.0.0a0
3 Dependent packages 37 Dependent repositories 23,114 Downloads last month Affected Version Ranges All affected versions All unaffected versions 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 22.0.2, 23.0.0, 23.0.1, 23.0.2, 24.0.0, 24.1.0, 25.0.0, 26.0.0, 27.0.0

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

References:

Identifiers

GHSA-f889-wfwm-6p7m

CVE-2013-4477

Risk

Severity

Low

EPSS

EPSS Percentage: 0.00064

EPSS Percentile: 0.20019

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/openstack/keystone

Date and time

Published

about 3 years ago

Updated

over 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories