CVE-2017-2673 MEDIUM

CVE-2017-2673

Vendor [Unknown]

Product openstack-keystone

Weakness CWE-863 · Incorrect authorization

Published July 19, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.

Key dates

02Disclosure timeline

July 19, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-2673 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2023-4107 Incorrect authorization allows a user manager to update a system admin CVE-2022-23615 Partial authorization bypass on document save in xwiki-platform CVE-2026-33302 OpenEMR: zhAclCheck Ignores Explicit ACL Denies CVE-2026-22822 External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function CVE-2026-54397 MISP event editing allows unauthorized assignment to undisclosed sharing groups