CVE-2014-0204

OpenStack Identity <2014.1.1 - Privilege Escalation

Title source: llm

Description

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

References (3)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2014/05/21/3

[Exploit, Issue Tracking, Third Party Advisory] https://bugs.launchpad.net/keystone/+bug/1309228

[Patch, Third Party Advisory] https://review.openstack.org/#/c/94396/

Scores

EPSS 0.0035

EPSS Percentile 57.2%

Classification

CWE

CWE-269

Status draft

Affected Products (2)

openstack/keystone < 2014.1.1

pypi/keystone < 8.0.0a0PyPI

Timeline

Published Nov 03, 2014

Tracked Since Feb 18, 2026