CVE 2013-4477
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
Related bugs and status
CVE-2013-4477 (Candidate) is related to these bugs:
Bug #1242597: [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1242597 | [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391) | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1242597 | [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391) | OpenStack Security Advisory | High | Fix Released | ||
| 1242597 | [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391) | OpenStack Identity (keystone) havana | Critical | Fix Released | ||
| 1242597 | [OSSA 2013-032] Keystone trust circumvention through EC2-style tokens (CVE-2013-6391) | OpenStack Identity (keystone) grizzly | Critical | Fix Released | ||
Bug #1242855: [OSSA 2013-028] Removing role adds role with LDAP backend
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1242855 | [OSSA 2013-028] Removing role adds role with LDAP backend | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1242855 | [OSSA 2013-028] Removing role adds role with LDAP backend | OpenStack Security Advisory | High | Fix Released | ||
| 1242855 | [OSSA 2013-028] Removing role adds role with LDAP backend | OpenStack Identity (keystone) havana | Critical | Fix Released | ||
| 1242855 | [OSSA 2013-028] Removing role adds role with LDAP backend | OpenStack Identity (keystone) grizzly | Critical | Fix Released | ||
Bug #1262788: Meta bug for tracking Openstack 2013.2.1 Stable Update
See the 
CVE page on Mitre.org
for more details.
