keystone: access control bypass

Package(s): keystone
CVE #(s): CVE-2013-6391
Created: December 20, 2013
Updated: April 7, 2014

From the Ubuntu advisory:

Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor's roles.

Fedora FEDORA-2014-4210 openstack-keystone 2014-04-05
Red Hat RHSA-2014:0368-01 openstack-keystone 2014-04-03
Red Hat RHSA-2014:0089-01 openstack-keystone 2014-01-22
Ubuntu USN-2061-1 keystone 2013-12-19
