OpenStack Identity Keystone Privilege Escalation vulnerability

Low severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Apr 8, 2024

Package

keystone (pip)

Affected versions

< 8.0.0a0

Patched versions

8.0.0a0

Description

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

References

Published by the National Vulnerability Database Nov 2, 2013
Published to the GitHub Advisory Database May 17, 2022
Reviewed Apr 8, 2024
Last updated Apr 8, 2024

Severity

Low

EPSS score

0.042%
(5th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-4477

GHSA ID

GHSA-f889-wfwm-6p7m

Source code
