7.2

CVE-2017-2673

Exploit
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenstack Version9
RedhatOpenstack Version10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.11% 0.793
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
secalert@redhat.com 6.8 1.6 5.2
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://seclists.org/oss-sec/2017/q2/125
Patch
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/98032
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2017:1461
Vendor Advisory
https://access.redhat.com/errata/RHSA-2017:1597
Vendor Advisory
https://bugs.launchpad.net/keystone/+bug/1677723
Patch
Third Party Advisory
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
Patch
Vendor Advisory
Issue Tracking