Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1qMzZtLWh2NDMtN3c3bc3uGg

OpenStack Identity service (keystone) Incorrect Authorization

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

Permalink: https://github.com/advisories/GHSA-j36m-hv43-7w7m
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qMzZtLWh2NDMtN3c3bc3uGg
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 4 months ago

CVSS Score: 7.2
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-j36m-hv43-7w7m, CVE-2017-2673
References:

• https://nvd.nist.gov/vuln/detail/CVE-2017-2673
• https://access.redhat.com/errata/RHSA-2017:1461
• https://access.redhat.com/errata/RHSA-2017:1597
• https://bugs.launchpad.net/keystone/+bug/1677723
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
• http://seclists.org/oss-sec/2017/q2/125
• http://www.securityfocus.com/bid/98032
• https://access.redhat.com/security/cve/CVE-2017-2673
• https://bugzilla.redhat.com/show_bug.cgi?id=1439586
• https://github.com/openstack/keystone/commit/05a129e54573b6cbda1ec095f4526f2b9ba90a90
• https://github.com/openstack/keystone/commit/2139639eeabc8f6941f4461fc87d609cde3118c2
• https://github.com/advisories/GHSA-j36m-hv43-7w7m

Repository: https://github.com/openstack/keystone
Blast Radius: 11.3

Affected Packages