Privilege Escalation in OpenStack Identity by Mismanaged User and Group IDs
CVE-2014-0204

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 3 November 2014

Summary

In OpenStack Identity (Keystone) prior to version 2014.1.1, remote authenticated users can exploit roles that are assigned to groups. This occurs when a group has the same ID as a user: the user then gains the privileges associated with that group without being authorized for them. Left unaddressed, this mismanagement of user and group identifiers can lead to significant security breaches.
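
The ID-collision condition described above, as a simplified model added here (not Keystone's code; the data model, function names and sample IDs are assumptions constructed for illustration). It puts a lookup that matches on actor ID alone next to one that also checks the actor type, and adds an audit check for IDs used by both a user and a group.

```python
# Simplified model of role-assignment lookup. Hypothetical names throughout;
# this is not Keystone's schema or code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Assignment:
    actor_type: str  # "user" or "group"
    actor_id: str
    project_id: str
    role: str


# Constructed sample data: group "a1b2" shares its ID with user "a1b2".
ASSIGNMENTS = [
    Assignment("group", "a1b2", "proj-1", "admin"),
    Assignment("user", "a1b2", "proj-1", "member"),
    Assignment("user", "c3d4", "proj-1", "member"),
    Assignment("group", "ops", "proj-1", "operator"),
]
MEMBERSHIPS = {"c3d4": {"ops"}}  # user ID -> IDs of groups the user belongs to


def roles_untyped(user_id, project_id):
    """Flawed lookup: matches on actor ID alone and ignores the actor type."""
    actor_ids = {user_id} | MEMBERSHIPS.get(user_id, set())
    return {a.role for a in ASSIGNMENTS
            if a.actor_id in actor_ids and a.project_id == project_id}


def roles_typed(user_id, project_id):
    """Corrected lookup: user rows must match the user, group rows a real membership."""
    groups = MEMBERSHIPS.get(user_id, set())
    return {a.role for a in ASSIGNMENTS
            if a.project_id == project_id and (
                (a.actor_type == "user" and a.actor_id == user_id)
                or (a.actor_type == "group" and a.actor_id in groups))}


def find_id_collisions(assignments):
    """Audit helper: IDs that appear both as a user and as a group."""
    users = {a.actor_id for a in assignments if a.actor_type == "user"}
    groups = {a.actor_id for a in assignments if a.actor_type == "group"}
    return users & groups
```
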

Timeline

  • Vulnerability published

  • Vulnerability Reserved