User: Password:
Subscribe / Log in / New account

openstack-keystone: restriction bypass

Package(s):openstack-keystone CVE #(s):CVE-2014-2237
Created:April 7, 2014 Updated:May 30, 2014
Description: From the CVE entry:

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

Red Hat RHSA-2014:0580-01 openstack-keystone 2014-05-29
Fedora FEDORA-2014-4903 openstack-keystone 2014-04-17
Fedora FEDORA-2014-4210 openstack-keystone 2014-04-05

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds