CVE-2017-2673

Published: 27 April 2017

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

Priority

Medium

CVSS 3 base score: 7.2

Status

Package: keystone

Release: Status
Upstream: Released (2:10.0.0-9)
Ubuntu 16.04 ESM (Xenial Xerus): Released (2:9.3.0-0ubuntu3.1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was not-affected [code not present])