CVE-2019-3683
published 2020-01-17CVE-2019-3683: The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | helion_openstack | — | — |
| suse | keystone-json-assignment | < 2019-02-18 | 2019-02-18 |
| suse | openstack_cloud | — | — |
| suse | suse_openstack_cloud_8 | >= keystone-json-assignment < d7888c75505465490250c00cc0ef4bb1af662f9f | d7888c75505465490250c00cc0ef4bb1af662f9f |