Safety vulnerability ID: 37773
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Keystone-json-assignment 0.0.4 includes a fix for CVE-2019-3683: The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
https://github.com/SUSE-Cloud/keystone-json-assignment/commit/d7888c75505465490250c00cc0ef4bb1af662f9f
Latest version: 0.0.4
JSON Backend for the Keystone Assignment Driver
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.
CONFIRM:https://bugzilla.suse.com/show_bug.cgi?id=1124864: https://bugzilla.suse.com/show_bug.cgi?id=1124864
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application