Описание
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 2:11.0.0-0ubuntu1.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [code not present]] |
| esm-infra/xenial | released | 2:9.3.0-0ubuntu3.1 |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | not-affected | code not present |
| trusty/esm | DNE | trusty was not-affected [code not present] |
| upstream | released | 2:10.0.0-9 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE |
Показывать по
EPSS
6.5 Medium
CVSS2
6.8 Medium
CVSS3
Связанные уязвимости
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
An authorization-check flaw was discovered in federation configuration ...
OpenStack Identity service (keystone) Incorrect Authorization
EPSS
6.5 Medium
CVSS2
6.8 Medium
CVSS3