CVE-2014-0204
Published: 03 November 2014
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
Priority
Medium
Status
| Package | Release | Status |
|---|---|---|
|
keystone Launchpad, Ubuntu, Debian |
Upstream |
Needs triage
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
(trusty was not-affected [1:2014.1.1-0ubuntu1])
|
|
|
Patches: Upstream: https://review.openstack.org/#/c/94397/ (icehouse) |
||
Notes
| Author | Note |
|---|---|
| mdeslaur | OSSA 2014-015 watch for regression mentioned in tracker only icehouse and higher |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0204
- http://lists.openstack.org/pipermail/openstack-announce/2014-May/000231.html
- NVD
- Launchpad
- Debian