Описание
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Vendor Advisory
- Vendor Advisory
- Patch
Уязвимые конфигурации
Одно из
EPSS
3.5 Low
CVSS2
Дефекты
Связанные уязвимости
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properl ...
OpenStack Keystone intended authorization restrictions bypass
EPSS
3.5 Low
CVSS2