Low severityNVD Advisory· Published Nov 2, 2013· Updated Jun 16, 2026
CVE-2013-4477
CVE-2013-4477
Description
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
keystonePyPI | < 8.0.0a0 | 8.0.0a0 |
Affected products
3Patches
Vulnerability mechanics
References
8- www.openwall.com/lists/oss-security/2013/10/30/6nvdPatchWEB
- bugs.launchpad.net/keystone/+bug/1242855nvdExploitWEB
- github.com/advisories/GHSA-f889-wfwm-6p7mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-4477ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2014-0113.htmlnvdWEB
- www.ubuntu.com/usn/USN-2034-1nvdWEB
- github.com/openstack/keystone/commit/b17e7bec768bd53d3977352486378698a3db3cfaghsaWEB
- github.com/openstack/keystone/commit/c6800ca1ac984c879e75826df6694d6199444ea0ghsaWEB
News mentions
0No linked articles in our index yet.