CVE-2013-4477 - Vulnerability Details - OpenCVE

The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00064.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Grizzly Havana
Redhat	Openstack

Configuration 1 [-]

OR	cpe:2.3:a:openstack:grizzly:-:::::::*
	cpe:2.3:a:openstack:havana:-:::::::*

Package	CPE	Advisory	Released Date
OpenStack 3 for RHEL 6
openstack-keystone-0:2013.1.4-2.el6ost	cpe:/a:redhat:openstack:3::el6	RHSA-2014:0113	2014-01-30T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-3724	The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
Github GHSA	GHSA-f889-wfwm-6p7m	OpenStack Identity Keystone Privilege Escalation vulnerability
Ubuntu USN	USN-2034-1	OpenStack Keystone vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2014-0113.html
http://www.openwall.com/lists/oss-security/2013/10/30/6
http://www.ubuntu.com/usn/USN-2034-1
https://bugs.launchpad.net/keystone/+bug/1242855
https://nvd.nist.gov/vuln/detail/CVE-2013-4477
https://www.cve.org/CVERecord?id=CVE-2013-4477

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-11-02T19:00:00

Updated: 2024-08-06T16:45:14.815Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4477

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-11-02T19:55:04.773

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-4477

Redhat

Severity : Moderate

Publid Date: 2013-10-21T00:00:00Z

Links: CVE-2013-4477 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-10-30T00:00:00", "descriptions": [{"lang": "en", "value": "The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-02-28T14:57:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20131030 [OSSA 2013-028] Unintentional role granting with Keystone LDAP backend (CVE-2013-4477)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2013/10/30/6"}, {"name": "USN-2034-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2034-1"}, {"name": "RHSA-2014:0113", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.launchpad.net/keystone/+bug/1242855"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:45:14.815Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20131030 [OSSA 2013-028] Unintentional role granting with Keystone LDAP backend (CVE-2013-4477)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2013/10/30/6"}, {"name": "USN-2034-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2034-1"}, {"name": "RHSA-2014:0113", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.launchpad.net/keystone/+bug/1242855"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4477", "datePublished": "2013-11-02T19:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:45:14.815Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "matchCriteriaId": "A83ED744-9E3D-4510-B3E6-6DDE1090F0B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*", "matchCriteriaId": "77522028-683C-4708-AF46-50B49A0A2D15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges."}, {"lang": "es", "value": "El backend LDAP en OpenStack Identity (Keystone) Grizzly y Habana, cuando al retirar un rol de un inquilino para un usuario que no tiene esa funci\u00f3n, a\u00f1ade el role al usuario, lo que permite a usuarios locales conseguir privilegios."}], "id": "CVE-2013-4477", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-11-02T19:55:04.773", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/10/30/6"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2034-1"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/keystone/+bug/1242855"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0113.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.openwall.com/lists/oss-security/2013/10/30/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2034-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.launchpad.net/keystone/+bug/1242855"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}