Описание
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openstack-keystone | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | openstack-keystone | Not affected | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | openstack-keystone | Not affected | ||
| Red Hat OpenStack Platform 11 (Ocata) | openstack-keystone | Affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | openstack-keystone | Not affected | ||
| Red Hat OpenStack Platform 10.0 (Newton) | openstack-keystone | Fixed | RHSA-2017:1597 | 28.06.2017 |
| Red Hat OpenStack Platform 9.0 (Mitaka) | openstack-keystone | Fixed | RHSA-2017:1461 | 14.06.2017 |
Показывать по
Дополнительная информация
Статус:
6.8 Medium
CVSS3
Связанные уязвимости
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
An authorization-check flaw was discovered in federation configuration ...
OpenStack Identity service (keystone) Incorrect Authorization
6.8 Medium
CVSS3