openstack-keystone is vulnerable to privilege escalation. A flaw was found in the way keystone handled trusts. A trustee could use an out-of-scope project ID to gain unauthorized access to a project if the trustor had the required roles for that requested project.
lists.openstack.org/pipermail/openstack-announce/2014-July/000248.html
secunia.com/advisories/59426
access.redhat.com/errata/RHSA-2014:0994
access.redhat.com/security/cve/CVE-2014-3520
access.redhat.com/security/updates/classification/#important
bugs.launchpad.net/keystone/+bug/1331912
bugzilla.redhat.com/show_bug.cgi?id=1112668
rhn.redhat.com/errata/RHSA-2014-0994.html