openstack-keystone is vulnerable to authorization bypass. This is due to the way users are removed from tenants when using Amazon EC2 credentials. Users retain privileges after being removed from tenants and will still be able to access resources which would have not been permitted.
lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
rhn.redhat.com/errata/RHSA-2012-1556.html
www.securityfocus.com/bid/56888
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=867029
bugzilla.redhat.com/show_bug.cgi?id=873447
exchange.xforce.ibmcloud.com/vulnerabilities/80612
rhn.redhat.com/errata/RHSA-2012-1556.html