CVE-2017-2673

Summary

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]openstack-keystonen/aaffected

Weaknesses

  • CWE-863: CWE-863

ADP Enrichment

CVE Program Container

Additional References

References