Unrated severityNVD Advisory· Published Jan 17, 2020· Updated Sep 17, 2024
keystone_json_assignment backend granted access to any project for users in user-project-map.json
CVE-2019-3683
Description
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < commit d7888c75505465490250c00cc0ef4bb1af662f9f
- Range: keystone-json-assignment
Patches
Vulnerability mechanics
References
1- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.