Description
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat OpenStack Platform 2.0 | openstack-keystone | Affected | | |
| OpenStack Essex for RHEL 6 | openstack-keystone | Fixed | RHSA-2012:1556 | 10.12.2012 |
| OpenStack Folsom for RHEL 6 | openstack-keystone | Fixed | RHSA-2012:1557 | 10.12.2012 |
Additional information
Status:
EPSS
4 Medium
CVSS2
Related vulnerabilities
OpenStack Keystone intended authorization restrictions bypass