Description
OpenStack Identity (Keystone) before 2014.1.1 does not properly handle the case where a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.
References (3)
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/keystone/+bug/1309228
Patch, Third Party Advisory x_refsource_confirm
https://review.openstack.org/#/c/94396/
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/05/21/3
Scores
EPSS: 0.0035
EPSS Percentile: 57.8%
Details
CWE: CWE-269
Status: published
Products (2)
openstack/keystone: 2014.1 - 2014.1.1
pypi/keystone: 0 - 8.0.0a0 (PyPI)
Published: Nov 03, 2014
Tracked Since: Feb 18, 2026