Role Escalation Vulnerability in OpenStack Identity (Keystone) Grizzly and Havana

Role Escalation Vulnerability in OpenStack Identity (Keystone) Grizzly and Havana

CVE-2013-4477 · LOW Severity

AV:L/AC:M/AU:N/C:P/I:P/A:N

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

Learn more about our User Device Pen Test.