CVE-2019-3683

2020-01-17T11:15:00
ID CVE-2019-3683
Type cve
Reporter cve@mitre.org
Modified 2020-02-05T18:56:00

Description

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.