5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
openstack-keystone is vulnerable to privilege escalation attacks. The vulnerability exists as the ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
rhn.redhat.com/errata/RHSA-2014-0089.html
secunia.com/advisories/56079
secunia.com/advisories/56154
www.openwall.com/lists/oss-security/2013/12/11/7
www.securityfocus.com/bid/64253
www.ubuntu.com/usn/USN-2061-1
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/keystone/+bug/1242597
exchange.xforce.ibmcloud.com/vulnerabilities/89657
rhn.redhat.com/errata/RHSA-2014-0089.html