PYSEC-2018-152

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2018-152.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2018-152
Aliases
Published
2018-07-19T13:29:00Z
Modified
2024-11-25T22:42:28.873759Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

References

Affected packages

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0
Last affected
9.3.0

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10.0.0
Fixed
10.0.2

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11.0.0
Fixed
11.0.1

Affected versions

11.*

11.0.0