Novell Home

CVE-2014-3476

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2014-3476 at MITRE

Description

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 881977

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 3
  • openstack-keystone >= 2013.2.4.dev5.g9162837-0.7.1
  • openstack-keystone-doc >= 2013.2.4.dev5.g9162837-0.7.1
  • python-keystone >= 2013.2.4.dev5.g9162837-0.7.1
Builds
SAT Patch Nr: 9378

© 2014 Novell