CVE-2019-3683
keystone_json_assignment backend granted access to any project for users in user-project-map.json
Public Exploits: 0
Exploited in Wild: -
Descriptions
In the keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f, every user listed in /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
Timeline
- 2019-01-03 CVE Reserved
- 2020-01-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
References (1)
URL | Date | SRC |
---|---|---|
https://www.suse.com/security/cve/CVE-2019-3683 | 2020-10-22 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Suse | Openstack Cloud | 8.0 | - | Affected |
Suse | Keystone-json-assignment | < 2019-02-18 | - | Affected |
Hp | Helion Openstack | 8.0 | - | Affected |