CVE-2013-4477

openstack-keystone: unintentional role granting with Keystone LDAP backend

Severity Score

4.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

El backend LDAP en OpenStack Identity (Keystone) Grizzly y Habana, cuando al retirar un rol de un inquilino para un usuario que no tiene esa función, añade el role al usuario, lo que permite a usuarios locales conseguir privilegios.

The openstack-keystone packages provide keystone, a Python implementation of the OpenStack Identity service API, which provides Identity, Token, Catalog, and Policy services. A flaw was discovered in the way the LDAP backend in keystone handled the removal of a role. A user could unintentionally be granted a role if the role being removed had not been previously granted to that user. Note that only OpenStack Identity setups using an LDAP backend were affected. All openstack-keystone users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-12 CVE Reserved
2013-11-02 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (6)

URL	Tag	Source

URL	Date	SRC
https://bugs.launchpad.net/keystone/+bug/1242855	2024-08-06

URL	Date	SRC
http://www.openwall.com/lists/oss-security/2013/10/30/6	2014-03-06

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2014-0113.html	2014-03-06
http://www.ubuntu.com/usn/USN-2034-1	2014-03-06
https://access.redhat.com/security/cve/CVE-2013-4477	2014-01-30
https://bugzilla.redhat.com/show_bug.cgi?id=1024401	2014-01-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openstack Search vendor "Openstack"		Grizzly Search vendor "Openstack" for product "Grizzly"				-		-		Affected
Openstack Search vendor "Openstack"		Havana Search vendor "Openstack" for product "Havana"				-		-		Affected