CVE-2017-2673: An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could…

high7.2CVSS 3.0

AVNACLPRHUINSUCHIHAH

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

Affected

10 ranges

Vendor	Product	Version range	Fixed in
debian	keystone	< keystone 2:10.0.0-9 (bookworm)	keystone 2:10.0.0-9 (bookworm)
openstack	keystone	>= 0 < 2:10.0.0-9	2:10.0.0-9
openstack	keystone	>= 0 < 2:10.0.0-9	2:10.0.0-9
openstack	keystone	>= 0 < 2:10.0.0-9	2:10.0.0-9
openstack	keystone	>= 0 < 2:10.0.0-9	2:10.0.0-9
openstack	keystone	>= 10.0.0 < 10.0.2	10.0.2
openstack	keystone	>= 11.0.0 < 11.0.1	11.0.1
openstack	keystone	9.0.0 – 9.3.0	—
redhat	openstack	—	—
redhat	openstack	—	—

CVSS provenance

nvdv3.07.2HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

osv7.2HIGH