CVE-2013-6391

Priority
Description
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1
and Icehouse before icehouse-2 does not return a trust-scoped token when
one is received, which allows remote trust users to gain privileges by
generating EC2 credentials from a trust-scoped token and using them in an
ec2tokens API request.
Assigned-to
jdstrand
Notes
mdeslaur> OSSA 2013-032
jdstrand> per upstream, Ubuntu 13.04 not affected due to improper check which
disables impersonation entirely. Upstream has not released a patch yet for
grizzly (Ubuntu 13.04) as of 2013-12-17. A fix for Ubuntu 13.04 may happen
in a future update.
More Information

Updated: 2019-12-05 21:06:19 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)