Privilege Escalation in OpenStack Identity by Mismanaged User and Group IDs
CVE-2014-0204
Currently unrated
Summary
In OpenStack Identity (Keystone) prior to version 2014.1.1, roles assigned to a group can be exploited by remote authenticated users. When a group has the same ID as a user, that user gains the privileges associated with the group. The underlying problem is that user and group identifiers are not kept distinct, so the impact is privilege escalation up to whatever roles the colliding group holds.
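The ID collision described above, as an added example that is not Keystone's code: a simplified model that assumes role lookup matches on the actor ID alone, shown beside a lookup that also checks the actor type. All names, IDs and data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Assignment:
    actor_type: str  # "user" or "group"
    actor_id: str
    project_id: str
    role: str


# Constructed sample data: a group and an unrelated user share the ID "a1b2".
ASSIGNMENTS = [
    Assignment("group", "a1b2", "proj-1", "admin"),
    Assignment("user", "a1b2", "proj-1", "member"),
    Assignment("user", "c3d4", "proj-1", "member"),
]
# user_id -> IDs of groups the user really belongs to (constructed).
MEMBERSHIPS = {"a1b2": set(), "c3d4": set(), "e5f6": {"a1b2"}}


def roles_weak(user_id, project_id):
    """Weak lookup: compares actor_id only, so a group row whose ID
    equals the user's ID is treated as a grant to that user."""
    groups = MEMBERSHIPS.get(user_id, set())
    return {a.role for a in ASSIGNMENTS
            if a.project_id == project_id
            and (a.actor_id == user_id or a.actor_id in groups)}


def roles_strict(user_id, project_id):
    """Strict lookup: a row counts only if its actor_type matches the
    way the ID was obtained (direct user grant or group membership)."""
    groups = MEMBERSHIPS.get(user_id, set())
    return {a.role for a in ASSIGNMENTS
            if a.project_id == project_id
            and ((a.actor_type == "user" and a.actor_id == user_id)
                 or (a.actor_type == "group" and a.actor_id in groups))}


def find_id_collisions(assignments):
    """Audit helper: IDs used by both a user actor and a group actor."""
    users = {a.actor_id for a in assignments if a.actor_type == "user"}
    groups = {a.actor_id for a in assignments if a.actor_type == "group"}
    return users & groups
```

The audit helper is the defender's check: any ID it returns marks an account whose effective roles should be reviewed on a deployment that has not been upgraded.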
Timeline
Vulnerability published
Vulnerability Reserved