{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T18:01:57.325","vulnerabilities":[{"cve":{"id":"CVE-2019-3683","sourceIdentifier":"meissner@suse.de","published":"2020-01-17T11:15:11.813","lastModified":"2024-11-21T04:42:19.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations."},{"lang":"es","value":"El paquete keystone-json-assignment en SUSE Openstack Cloud versiĆ³n 8 antes del commit d7888c75505465490250c00cc0ef4bb1af662f9f, a cada usuario listado en el archivo /etc/keystone/user-project-map.json se le fue asignado el rol completo \"member\" para cada proyecto. Esto permitiĆ³ a estos usuarios acceder, modificar, crear y eliminar recursos arbitrarios, contrariamente a lo esperado."}],"metrics":{"cvssMetricV31":[{"source":"meissner@suse.de","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"meissner@suse.de","type":"Secondary","description":[{"lang":"en","value":"CWE-732"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-732"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:openstack_cloud:8.0:*:*:*:*:*:*:*","matchCriteriaId":"1C3BEB21-4080-4258-B95C-562D717AED0B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:suse:keystone-json-assignment:*:*:*:*:*:*:*:*","versionEndExcluding":"2019-02-18","matchCriteriaId":"5CA0DA3D-0522-4337-8CBF-3D68CD71C69E"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hp:helion_openstack:8.0:*:*:*:*:*:*:*","matchCriteriaId":"541BB602-443D-4D8E-A46F-5EC4A9702E17"}]}]}],"references":[{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1124864","source":"meissner@suse.de","tags":["Issue Tracking","Permissions Required"]},{"url":"https://www.suse.com/security/cve/CVE-2019-3683/","source":"nvd@nist.gov","tags":["Vendor Advisory"]},{"url":"https://bugzilla.suse.com/show_bug.cgi?id=1124864","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Permissions Required"]}]}}]}