OpenStack Identity service (keystone) Incorrect Authorization
Severity: High
GitHub Reviewed
Published May 13, 2022 to the GitHub Advisory Database; updated Nov 26, 2024
Package
Affected versions
>= 9.0.0, <= 9.3.0
>= 10.0.0, <= 10.0.1
= 11.0.0
Patched versions
10.0.2
11.0.1
Description
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles, including administrative roles.
Published by the National Vulnerability Database: Jul 19, 2018
Published to the GitHub Advisory Database: May 13, 2022
Reviewed: May 14, 2024
Last updated: Nov 26, 2024