{"id":"PYSEC-2026-654","summary":"OpenStack Identity Keystone Improper Privilege Management","details":"OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID.","aliases":["CVE-2014-0204","GHSA-c4p9-87h3-7vr4"],"modified":"2026-07-06T08:00:47.013561254Z","published":"2026-07-02T14:13:23.908910Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0204"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/729dcad7384ba66ee7494154969cdd7ae90d86ee"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/786af9829c5329a982e3451f77afebbfb21850bd"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/97dfd55ad1b40365754dcbfce856f7ffae280a44"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/f0eee2f3b48dd0cffb9f75e396da2d914925cba5"},{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1309228"},{"type":"WEB","url":"https://review.openstack.org/#/c/94396"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/05/21/3"},{"type":"PACKAGE","url":"https://pypi.org/project/keystone"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-c4p9-87h3-7vr4"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.0a0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-654.yaml"}}],"schema_version":"1.7.5"}