Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
OpenStack Kesytone 权限许可和访问控制问题漏洞
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。OpenStack Keystone是其中的一个用于身份验证的项目,提供身份、令牌、目录和策略服务。 OpenStack Kesytone 10.0.0版本、10.0.1版本和11.0.0版本中的默认配置中存在权限许可和访问控制漏洞。远程攻击者可通过向项目发送权限请求利用该漏洞获取项目相关的全部角色(包括管理角色)。
CVSS Information
N/A
Vulnerability Type
N/A