CVE-2019-3683

HIGH Year: 2019
CVSS v3 Score
8.8
High
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-732
View all →

Vulnerability Description

The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full "member" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations.

Related Vulnerabilities

CVE-2007-6033

HIGH
CVSS:8.8(High)

Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrar...

CWE-7322007

CVE-2017-0311

HIGH
CVSS:8.8(High)

NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel mode layer handler where improper access control may lead to denial of service or possible escalation of privileges.

CWE-7322017

CVE-2017-0784

HIGH
CVSS:8.8(High)

A elevation of privilege vulnerability in the Android system (nfc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37287958.

CWE-7322017

CVE-2017-1000022

HIGH
CVSS:8.8(High)

LogicalDoc Community Edition 7.5.3 and prior contain an Incorrect access control which could leave to privilege escalation.

CWE-7322017

CVE-2017-1000096

HIGH
CVSS:8.8(High)

Arbitrary code execution due to incomplete sandbox protection: Constructors, instance variable initializers, and instance initializers in Pipeline scripts were not subject to sandbox protection, and c...

CWE-7322017

CVE-2017-1000403

HIGH
CVSS:8.8(High)

Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts.

CWE-7322017