Privilege Escalation in OpenStack Identity API by OpenStack
CVE-2013-6391
Currently unrated
Summary
The ec2tokens API in OpenStack Identity (Keystone) prior to the versions mentioned is susceptible to a vulnerability that enables remote trust users to exploit trust-scoped tokens. When a trust-scoped token is present, it does not return the appropriate token, allowing attackers to generate EC2 credentials from these trust-scoped tokens. This exploit can lead to potentially unauthorized access and privileges, compromising the security of the OpenStack environment.
References
Timeline
Vulnerability published
Vulnerability Reserved