PYSEC-2018-152

🗓️ 19 Jul 2018 13:29:00Reported by Python Packaging AdvisoryType

pypa🔗 github.com👁 4 Views

OpenStack Keystone federation authorization flaw lets authenticated federated users obtain all project roles, including administrative roles.

Reporter	Title	Published	Views	Family All 27
CNVD	OpenStack Keystone Security Bypass Vulnerability	27 Apr 201700:00	–	cnvd
CVE	CVE-2017-2673	19 Jul 201813:00	–	cve
Cvelist	CVE-2017-2673	19 Jul 201813:00	–	cvelist
Debian CVE	CVE-2017-2673	19 Jul 201813:00	–	debiancve
EUVD	EUVD-2018-0083	7 Oct 202500:30	–	euvd
Github Security Blog	OpenStack Identity service (keystone) Incorrect Authorization	13 May 202201:07	–	github
NVD	CVE-2017-2673	19 Jul 201813:29	–	nvd
OpenVAS	Ubuntu: Security Advisory (USN-3448-1)	12 Oct 201700:00	–	openvas
OSV	CVE-2017-2673	19 Jul 201813:29	–	osv
OSV	DEBIAN-CVE-2017-2673	19 Jul 201813:29	–	osv

Vulners

Node

pypi keystoneRange9.0.0≥

pypi keystoneRange10.0.0–10.0.2

pypi keystoneRange11.0.0–11.0.1

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
bugs	www.bugs.launchpad.net/keystone/+bug/1677723
bugs	www.bugs.launchpad.net/keystone/+bug/1677723
bugs	www.bugs.launchpad.net/keystone/+bug/1677723
seclists	www.seclists.org/oss-sec/2017/q2/125
seclists	www.seclists.org/oss-sec/2017/q2/125
seclists	www.seclists.org/oss-sec/2017/q2/125
access	www.access.redhat.com/errata/RHSA-2017:1597

25 Nov 2024 18:35Current

6.7Medium risk

Vulners AI Score6.7

CVSS 36.8 - 7.2

CVSS 26.5

EPSS0.00572