OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly
implement token expiration, which allows remote authenticated users to
bypass intended authorization restrictions by creating new tokens through
token chaining. NOTE: this issue exists because of a CVE-2012-3426
regression.
Author | Note |
---|---|
jdstrand | Folsom+ only 2013.1~g2-0ubuntu1 is affected. Server team will provide this as part of their regular updates for Ubuntu 13.04 (deferring for now) |