A vulnerability was found in Keystone’s EC2 credentials API. This flaw allows any user authenticated within a limited scope (trust/OAuth/application credential) to create an EC2 credential with escalated permissions, for example, obtaining an “admin” role, while the user is on a limited “viewer” role.