Solution
Please install the updated packages.
Insight
Brant Knudson discovered a logic error in the LDAP backend in Keystone where removing a role on a tenant for a user who does not have that role would instead add the role to the user. An authenticated user could use this to gain privileges. Ubuntu is not configured to use the LDAP Keystone backend by default.
Affected
keystone on Ubuntu 13.10, Ubuntu 13.04, Ubuntu 12.10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2013-4477
CVSS Base Score: 3.3
AV:L/AC:M/Au:N/C:P/I:P/A:N