OpenStack Keystone is vulnerable to privilege escalation. Keystone does not properly enforce the role parameters associated with an OAuth1 access token. As a result, a Keystone token containing every role assignment is issued to a low-privileged user, granting that user more access than required.
www.openwall.com/lists/oss-security/2020/05/07/3
bugs.launchpad.net/keystone/+bug/1873290
lists.apache.org/thread.html/re4ffc55cd2f1b55a26e07c83b3c22c3fe4bae6054d000a57fb48d8c2@%3Ccommits.druid.apache.org%3E
security.openstack.org/ossa/OSSA-2020-005.html
usn.ubuntu.com/4480-1/
www.openwall.com/lists/oss-security/2020/05/06/6