Vulnerability Details CVE-2019-3683
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2019-3683
-
cpe:2.3:a:hp:helion_openstack:8.0
-
cpe:2.3:a:suse:keystone-json-assignment:-
-
cpe:2.3:a:suse:keystone-json-assignment:0.0.2
-
cpe:2.3:a:suse:keystone-json-assignment:0.0.3
-
cpe:2.3:a:suse:openstack_cloud:8.0