Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0204

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.

Related bugs and status

CVE-2014-0204 (Candidate) is related to these bugs:

Bug #1309228: [OSSA 2014-015] User gets group auth if same id (CVE-2014-0204)

		In	Importance	Status
1309228	[OSSA 2014-015] User gets group auth if same id (CVE-2014-0204)	OpenStack Identity (keystone)	High	Fix Released
1309228	[OSSA 2014-015] User gets group auth if same id (CVE-2014-0204)	OpenStack Security Advisory	Medium	Fix Released
1309228	[OSSA 2014-015] User gets group auth if same id (CVE-2014-0204)	OpenStack Identity (keystone) icehouse	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.openwall.co...
MISC: https://bugs.launchpad...
MISC: https://review.opensta...