CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
Percentile
71.0%
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when
a role is assigned to a group that has the same ID as a user, which allows
remote authenticated users to gain privileges that are assigned to a group
with the same ID.
Author | Note |
---|---|
mdeslaur | OSSA 2014-015 watch for regression mentioned in tracker only icehouse and higher |