OpenStack Keystone vulnerability

2013-12-19T00:00:00
ID: USN-2061-1
Type: ubuntu
Reporter: Ubuntu
Modified: 2013-12-19T00:00:00

Description

Steven Hardy discovered that Keystone did not properly enforce trusts when using the ec2tokens API. An authenticated attacker could exploit this to retrieve a token not scoped to the trust and elevate privileges to the trustor’s roles.