#VU7271 Security restrictions bypass in Red Hat OpenStack - CVE-2017-2673

Cybersecurity Help s.r.o.

Published: 2017-06-30

Vulnerability identifier: #VU7271

Vulnerability risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-2673

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Red Hat OpenStack
Server applications / Other server solutions

Vendor: Red Hat Inc.

Description
The vulnerability allows a remote authenticated attacker to bypass security restrictions.

The weakness exists due to improper security restrictions imposed by the affected software. A remote attacker can request project permissions and receive permissions for all roles for the project to conduct further attacks.

Successful exploitation of the vulnerability results in unauthorized access to the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Red Hat OpenStack: 11.0

External links
https://access.redhat.com/security/cve/cve-2017-2673

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Ubuntu update for OpenStack Keystone

Security restrictions bypass in Red Hat OpenStack

Red Hat update for openstack-keystone