The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trusteeโs token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | keystone | <ย 2013.2.3-1 | keystone_2013.2.3-1_all.deb |
Debian | 11 | all | keystone | <ย 2013.2.3-1 | keystone_2013.2.3-1_all.deb |
Debian | 10 | all | keystone | <ย 2013.2.3-1 | keystone_2013.2.3-1_all.deb |
Debian | 999 | all | keystone | <ย 2013.2.3-1 | keystone_2013.2.3-1_all.deb |
Debian | 13 | all | keystone | <ย 2013.2.3-1 | keystone_2013.2.3-1_all.deb |