Описание
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
A flaw was found in keystone's chained delegation. A trustee able to create a delegation from a trust or an OAuth token could misuse identity impersonation to bypass the enforced scope, possibly allowing them to obtain elevated privileges to the trustor's projects and roles.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 5 (Icehouse) | openstack-keystone | Affected | ||
| OpenStack 3 for RHEL 6 | openstack-keystone | Fixed | RHSA-2014:0994 | 31.07.2014 |
| OpenStack 4 for RHEL 6 | openstack-keystone | Fixed | RHSA-2014:0994 | 31.07.2014 |
Показывать по
Дополнительная информация
Статус:
4.9 Medium
CVSS2
Связанные уязвимости
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges by leveraging a (1) trust or (2) OAuth token with impersonation enabled to create a new token with additional roles.
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
4.9 Medium
CVSS2