LDAP Role Manipulation in OpenStack Identity by OpenStack
CVE-2013-4477
Summary
OpenStack Identity (Keystone) has a flaw in its LDAP backend. When an attempt is made to remove a role from a user who does not hold that role, the backend instead grants the role to that user. This is a significant security risk: a local user can exploit the behaviour to elevate their privileges, compromising the integrity and security of the entire OpenStack environment.
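The failure mode described in the summary, as an added illustration that is not Keystone's own code: an in-memory stand-in for an LDAP role directory (constructed DNs), a removal routine whose error is that it toggles membership rather than deleting it (an illustrative assumption about the mechanism, not Keystone's actual code path), the hardened form that refuses to act on an assignment that does not exist, and a small audit helper that flags any (role, user) pair a "removal" added. The helper names `unexpected_grants`, `remove_role_vulnerable` and `remove_role_fixed` are all invented for this example.

```python
"""CVE-2013-4477 failure mode, modelled on an in-memory stand-in for an LDAP
role directory.  Constructed example; not Keystone's own code."""

from copy import deepcopy

# Constructed DNs for the example directory (not from any real deployment).
ROLE_ADMIN = "cn=admin,ou=roles,dc=example,dc=com"
ROLE_MEMBER = "cn=member,ou=roles,dc=example,dc=com"
USER_ALICE = "cn=alice,ou=users,dc=example,dc=com"
USER_BOB = "cn=bob,ou=users,dc=example,dc=com"


class RoleNotAssigned(Exception):
    """Raised when removal is requested for a role the user does not hold."""


def make_directory():
    """Constructed snapshot: role DN -> set of member user DNs."""
    return {
        ROLE_ADMIN: {USER_ALICE},
        ROLE_MEMBER: {USER_ALICE, USER_BOB},
    }


def has_role(directory, role_dn, user_dn):
    return user_dn in directory.get(role_dn, set())


def remove_role_vulnerable(directory, role_dn, user_dn):
    """Flawed removal, a stand-in for the CVE-2013-4477 behaviour: it rewrites
    the role's member attribute as the symmetric difference with the user,
    which removes a present member but ADDS an absent one.  The toggle is an
    illustrative assumption, not Keystone's actual code path."""
    directory[role_dn] = directory.get(role_dn, set()) ^ {user_dn}


def remove_role_fixed(directory, role_dn, user_dn):
    """Hardened removal: refuse unless the assignment exists, then delete only
    that value, so the operation can never widen membership."""
    if not has_role(directory, role_dn, user_dn):
        raise RoleNotAssigned(f"{user_dn} does not hold {role_dn}")
    directory[role_dn] = directory[role_dn] - {user_dn}


def unexpected_grants(before, after):
    """Audit helper: (role, user) pairs present after an operation that were
    absent before it.  A role removal should never produce any."""
    grants = []
    for role_dn, members_after in after.items():
        for user_dn in sorted(members_after - before.get(role_dn, set())):
            grants.append((role_dn, user_dn))
    return grants


def demonstrate(remove_fn):
    """Attempt to remove a role the user does NOT hold (bob is not an admin)
    and report any membership the removal silently created."""
    directory = make_directory()
    before = deepcopy(directory)
    try:
        remove_fn(directory, ROLE_ADMIN, USER_BOB)
    except RoleNotAssigned:
        pass  # the hardened version refuses; nothing changes
    return unexpected_grants(before, directory)


if __name__ == "__main__":
    print("vulnerable:", demonstrate(remove_role_vulnerable))
    print("fixed:     ", demonstrate(remove_role_fixed))
```

The same `unexpected_grants` comparison, run over a directory snapshot taken before and after role-management operations, is a practical regression check for a deployment: any non-empty result from a removal is the symptom this CVE describes.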
References
Timeline
Vulnerability published
Vulnerability Reserved