3.3
CVE-2013-4477
- EPSS 0.44%
- Veröffentlicht 02.11.2013 19:55:04
- Zuletzt bearbeitet 29.04.2026 01:13:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.352 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 3.4 | 4.9 |
AV:L/AC:M/Au:N/C:P/I:P/A:N
|
http://rhn.redhat.com/errata/RHSA-2014-0113.html
http://www.openwall.com/lists/oss-security/2013/10/30/6
http://www.ubuntu.com/usn/USN-2034-1
https://bugs.launchpad.net/keystone/+bug/1242855