Privilege Escalation in OpenStack Identity API by OpenStack
CVE-2013-6391

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
14 December 2013

Summary

The ec2tokens API in OpenStack Identity (Keystone) prior to the versions mentioned is susceptible to a vulnerability that enables remote trust users to exploit trust-scoped tokens. When a trust-scoped token is present, it does not return the appropriate token, allowing attackers to generate EC2 credentials from these trust-scoped tokens. This exploit can lead to potentially unauthorized access and privileges, compromising the security of the OpenStack environment.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.