CVE-2014-3520
published 2014-10-26
medium 6.5 CVSS 3.1
AV:N/AC:L/Au:S/C:P/I:P/A:P
OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2014.1.1-3 (bookworm) | keystone 2014.1.1-3 (bookworm) |
| openstack | keystone | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | keystone | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | keystone | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | keystone | >= 0 < 2014.1.1-3 | 2014.1.1-3 |
| openstack | keystone | >= 0 < 1:2014.1.2.1-0ubuntu1.1 | 1:2014.1.2.1-0ubuntu1.1 |
| openstack | keystone | >= 2013.2 < 2013.2.4 | 2013.2.4 |
| openstack | keystone | >= 2014.1 < 2014.1.2 | 2014.1.2 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | 6.5 | MEDIUM | |