CVE-2014-0204
Published: 3 November 2014
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
Notes
Author | Note |
---|---|
mdeslaur | OSSA 2014-015 watch for regression mentioned in tracker only icehouse and higher |
Priority
Status
Package | Release | Status |
---|---|---|
keystone Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Not vulnerable
|
|
saucy |
Not vulnerable
|
|
trusty |
Does not exist
(trusty was not-affected [1:2014.1.1-0ubuntu1])
|
|
upstream |
Needs triage
|
|
Patches: upstream: https://review.openstack.org/#/c/94397/ |