CVE-2013-4477: Permission Issues

November 2, 2013 (updated March 5, 2014)

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4477
bugs.launchpad.net/keystone/+bug/1242855
github.com/openstack/keystone/commit/c6800c

Detect and mitigate CVE-2013-4477 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →