CVE-2014-0204
Published: 3 November 2014
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
Priority
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-015 watch for regression mentioned in tracker only icehouse and higher |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
- http://lists.openstack.org/pipermail/openstack-announce/2014-May/000231.html
- NVD
- Launchpad
- Debian