CVE-2014-0204

CWE-269Improper Privilege Management13 documents9 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 42.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Keystone
Timeline
PublishedNov 3
Latest updateMay 13

Description

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

NVDopenstack/keystone2014.12014.1.1
PyPIkeystone< 8.0.0a0
Debiankeystone< 2014.1-5+3

Patches

Patch: www.openwall.comPatch: review.openstack.orgPatch: www.openwall.com

🔴Vulnerability Details

4
OSV
OpenStack Identity Keystone Improper Privilege Management2022-05-13
GHSA
OpenStack Identity Keystone Improper Privilege Management2022-05-13
CVEList
CVE-2014-0204: OpenStack Identity (Keystone) before 20142014-11-03
OSV
CVE-2014-0204: OpenStack Identity (Keystone) before 20142014-11-03

📋Vendor Advisories

2
Red Hat
openstack-keystone: user and group id mismatch2014-05-21
Debian
CVE-2014-0204: keystone - OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a ro...2014

💬Community

3
Bugzilla
CVE-2014-0204 openstack-keystone: user and group id mismatch [fedora-all]2014-05-25
Bugzilla
CVE-2014-0204 openstack-keystone: user and group id mismatch2014-05-09
Bugzilla
CVE-2014-0058 Red Hat JBoss EAP6: Plain text password logging during security audit2014-02-11
CVE-2014-0204 (MEDIUM CVSS 6.5) | OpenStack Identity (Keystone) befor | cvebase.io