Oval Definition:oval:org.opensuse.security:def:20143476
Revision Date:2020-11-28Version:1
Title:CVE-2014-3476
Description:

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-3476
SUSE-SU-2014:0848-1
Platform(s):SUSE OpenStack Cloud 6
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 6 is installed
  • AND Package Information
  • openstack-keystone-8.0.2~a0~dev8-1 is installed
  • OR python-keystone-8.0.2~a0~dev8-1 is installed
  • BACK