CVE-2014-3476

Affected configuration(s):

cpe:/a:openstack:keystone:2013.1
cpe:/a:openstack:keystone:2013.1.1
cpe:/a:openstack:keystone:2013.1.2
cpe:/a:openstack:keystone:2013.1.3
cpe:/a:openstack:keystone:2013.1.4
cpe:/a:openstack:keystone:2013.2
cpe:/a:openstack:keystone:2013.2.1
cpe:/a:openstack:keystone:2013.2.2
cpe:/a:openstack:keystone:2013.2.3
cpe:/a:openstack:keystone:2014.1
cpe:/a:openstack:keystone:juno-1

Date published: 2014-06-17T10:55:07.190-04:00

Date last modified: 2017-01-06T22:00:01.347-05:00

CVSS Score: 6.0

Principal attack vector: NETWORK

Complexity: MEDIUM

Reference URL: http://secunia.com/advisories/59547

Summary: OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
