製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenStack Identity service における認可・権限・アクセス制御に関する脆弱性

Title	OpenStack Identity service における認可・権限・アクセス制御に関する脆弱性
Summary	OpenStack Identity service (keystone) には、認可・権限・アクセス制御に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 14, 2017, midnight
Registration Date	Oct. 10, 2018, 5:40 p.m.
Last Update	Oct. 10, 2018, 5:40 p.m.

Affected System

レッドハット

Red Hat OpenStack

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-2673	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2673
National Vulnerability Database (NVD)
2	CVE-2017-2673	https://nvd.nist.gov/vuln/detail/CVE-2017-2673

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 1439586	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673
Red Hat Security Advisory
2	RHSA-2017:1461	https://access.redhat.com/errata/RHSA-2017:1461
3	RHSA-2017:1597	https://access.redhat.com/errata/RHSA-2017:1597

その他

No	Name	URL
関連文書
1	Bug #1677723	https://bugs.launchpad.net/keystone/+bug/1677723
2	[OSSA-2017-004] federated user gets wrong role (CVE-2017-2673)	https://seclists.org/oss-sec/2017/q2/125

Change Log

No	Changed Details	Date of change
1	[2018年10月10日] 掲載	Oct. 10, 2018, 5:40 p.m.

NVD Vulnerability Information

CVE-2017-2673

Summary	An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
Publication Date	July 19, 2018, 10:29 p.m.
Registration Date	Jan. 26, 2021, 1:22 p.m.
Last Update	Nov. 21, 2024, 12:23 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://seclists.org/oss-sec/2017/q2/125	Mailing List Patch Third Party Advisory
2	http://seclists.org/oss-sec/2017/q2/125	Mailing List Patch Third Party Advisory
3	http://www.securityfocus.com/bid/98032	Third Party Advisory VDB Entry
4	http://www.securityfocus.com/bid/98032	Third Party Advisory VDB Entry
5	https://access.redhat.com/errata/RHSA-2017:1461	Vendor Advisory
6	https://access.redhat.com/errata/RHSA-2017:1461	Vendor Advisory
7	https://access.redhat.com/errata/RHSA-2017:1597	Vendor Advisory
8	https://access.redhat.com/errata/RHSA-2017:1597	Vendor Advisory
9	https://bugs.launchpad.net/keystone/+bug/1677723	Exploit Patch Third Party Advisory
10	https://bugs.launchpad.net/keystone/+bug/1677723	Exploit Patch Third Party Advisory
11	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673	Issue Tracking Patch Vendor Advisory
12	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2673	Issue Tracking Patch Vendor Advisory

Common Vulnerabilities List