Описание
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:2014.1~b3-0ubuntu3 |
| lucid | DNE | |
| precise | not-affected | code-not-present |
| quantal | not-affected | code-not-present |
| raring | ignored | |
| saucy | released | 1:2013.2-0ubuntu1.2 |
| upstream | needed |
Показывать по
EPSS
5.8 Medium
CVSS2
Связанные уязвимости
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013. ...
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
EPSS
5.8 Medium
CVSS2