Privilege Escalation in OpenStack Identity (Keystone) by Unauthorized Project Access
CVE-2014-3520
Currently unrated
Summary
A vulnerability in OpenStack Identity (Keystone) allows remote authenticated users to exploit trust relationships. By manipulating the project ID in a V2 API trust token request, an attacker can gain access to unauthorized projects for which the trustor has specific roles. This could lead to unauthorized resource access and compromise of sensitive data.
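A simplified model of the missing check described in the summary, added here as an illustration; it is not Keystone's code, and the names (`Trust`, `TRUSTOR_ROLES`, `scope_unchecked`, `scope_checked`) and the sample users and projects are constructed assumptions. It contrasts scoping a trust token to whatever project the request names with scoping it only to the project recorded in the trust.

```python
from dataclasses import dataclass

class Unauthorized(Exception):
    pass

@dataclass(frozen=True)
class Trust:
    trustor: str
    trustee: str
    project_id: str       # the single project this trust delegates
    roles: frozenset      # roles delegated on that project

# Constructed sample data: alice holds roles in two projects but has
# delegated only proj-a to bob.
TRUSTOR_ROLES = {
    ("alice", "proj-a"): {"member"},
    ("alice", "proj-b"): {"member"},
}
TRUST = Trust("alice", "bob", "proj-a", frozenset({"member"}))

def _delegated_roles(trust, project_id):
    # Roles the trustor holds on project_id that the trust also delegates.
    held = TRUSTOR_ROLES.get((trust.trustor, project_id), set())
    return sorted(held & trust.roles)

def scope_unchecked(trust, user, requested_project):
    """Flawed: token scope is taken from the request, not from the trust."""
    if user != trust.trustee:
        raise Unauthorized("caller is not the trustee")
    roles = _delegated_roles(trust, requested_project)
    if not roles:
        raise Unauthorized("no delegated role on requested project")
    return {"project": requested_project, "roles": roles}

def scope_checked(trust, user, requested_project):
    """Hardened: the requested project must equal the trust's project."""
    if requested_project != trust.project_id:
        raise Unauthorized("requested project does not match the trust")
    return scope_unchecked(trust, user, requested_project)

def rejected(fn, *args):
    """Return True if the scoping function refuses the request."""
    try:
        fn(*args)
    except Unauthorized:
        return True
    return False
```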
Timeline
Vulnerability published
Vulnerability reserved