Privilege Escalation in OpenStack Identity (Keystone) by Unauthorized Project Access
CVE-2014-3520

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 26 October 2014

Summary

A vulnerability in OpenStack Identity (Keystone) allows remote authenticated users to abuse trust relationships. By manipulating the project ID in a V2 API trust token request, an attacker can gain access to unauthorized projects for which the trustor has specific roles. This could lead to unauthorized resource access and compromise of sensitive data.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
