CVE-2014-0204
Last modified
CVE-2014-0204 is a vulnerability of currently unknown severity. OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.. EPSS estimates a 1.39% chance of exploitation in the next 30 days.
Description
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Keystone | >= 2014.1, < 2014.1.1 |
References
- http://www.openwall.com/lists/oss-security/2014/05/21/3Mailing List, Patch, Third Party Advisory
- https://bugs.launchpad.net/keystone/+bug/1309228Exploit, Issue Tracking, Third Party Advisory
- https://review.openstack.org/#/c/94396/Patch, Third Party Advisory
- http://www.openwall.com/lists/oss-security/2014/05/21/3Mailing List, Patch, Third Party Advisory
- https://bugs.launchpad.net/keystone/+bug/1309228Exploit, Issue Tracking, Third Party Advisory
- https://review.openstack.org/#/c/94396/Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-0204?
How severe is CVE-2014-0204?
How do I fix CVE-2014-0204?
Are you affected by CVE-2014-0204?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST