CVE-2019-3683

Summary

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Openstack Cloud 8keystone-json-assignment < d7888c75505465490250c00cc0ef4bb1af662f9faffected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CVE Program Container

Additional References

References