Vulnerability CVE-2014-3476

Vulnerability Name:

CVE-2014-3476 (CCN-93791)

Assigned:

2014-06-13

Published:

2014-06-13

Updated:

2020-06-02

Summary:

OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
4.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-269

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2014-3476

Source: SUSE
Type: Mailing List, Third Party Advisory
SUSE-SU-2014:0848

Source: SECUNIA
Type: Third Party Advisory
57886

Source: SECUNIA
Type: Third Party Advisory
59547

Source: CCN
Type: IBM Security Bulletin 1021220
IBM Cloud Manager with Openstack privilege escalation through trust chained delegation vulnerability (CVE-2014-3476)

Source: CCN
Type: IBM Security Bulletin 1690278
IBM SmartCloud Orchestrator - Keystone privilege escalation through trust chained delegation (CVE-2014-3476)

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[oss-security] 20140612 [OSSA 2014-018] Keystone privilege escalation through trust chained delegation (CVE-2014-3476)

Source: BID
Type: Third Party Advisory, VDB Entry
68026

Source: CCN
Type: BID-68026
OpenStack Keystone Trust Chained Delegation Privilage Escalation Vulnerability

Source: CCN
Type: OSSA 2014-018
Trust scope can be circumvented by chaining trusts (CVE-2014-3476)

Source: CONFIRM
Type: Exploit, Issue Tracking, Third Party Advisory
https://bugs.launchpad.net/keystone/+bug/1324592

Source: CCN
Type: Red Hat Bugzilla Bug 1104524
CVE-2014-3476 openstack-keystone: privilege escalation through trust chained delegation

Source: XF
Type: UNKNOWN
keystone-cve20143476-priv-esc(93791)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2014-3476

Vulnerable Configuration:

Configuration 1:

cpe:/a:openstack:keystone:*:*:*:*:*:*:*:* (Version >= 2013.2 and < 2013.2.4)

OR cpe:/a:openstack:keystone:*:*:*:*:*:*:*:* (Version >= 2014.1 and < 2014.1.2)

Configuration 2:

cpe:/a:suse:cloud:3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:openstack:keystone:2014.1:*:*:*:*:*:*:*

AND

cpe:/a:ibm:cloud_orchestrator:2.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_manager:4.1.0:*:*:*:*:openstack:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:55238	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:55921	P	Security update for libsolv (Moderate)	2021-06-23
oval:org.opensuse.security:def:56406	P	Security update for postgresql94 (Moderate)	2020-12-01
oval:org.opensuse.security:def:55075	P	colord on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56480	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:55476	P	Security update for gnome-settings-daemon (Moderate)	2020-12-01
oval:org.opensuse.security:def:56206	P	Security update for poppler (Moderate)	2020-12-01
oval:org.opensuse.security:def:55076	P	coolkey on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56518	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:55649	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:56314	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:55098	P	elfutils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:56599	P	Security update for shadow (Moderate)	2020-12-01
oval:org.opensuse.security:def:55755	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:20143476	V	CVE-2014-3476	2020-11-28
oval:org.mitre.oval:def:26502	P	USN-2324-1 -- keystone vulnerabilities	2014-10-27
oval:com.ubuntu.precise:def:20143476000	V	CVE-2014-3476 on Ubuntu 12.04 LTS (precise) - medium.	2014-06-17
oval:com.ubuntu.trusty:def:20143476000	V	CVE-2014-3476 on Ubuntu 14.04 LTS (trusty) - medium.	2014-06-17

BACK