User-project-map.json vulnerability in SUSE Openstack Cloud 8

User-project-map.json vulnerability in SUSE Openstack Cloud 8

CVE-2019-3683 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.