Token Revocation Vulnerability in OpenStack Keystone by OpenStack
CVE-2014-2237

Currently unrated

Key Information:

Vendor
OpenStack
Status
Vendor
CVE Published:
1 April 2014

Summary

When the memcache token backend in OpenStack Identity (Keystone) issues a trust token with impersonation enabled, it does not add that token to the trustee's token-index list. As a result, bulk token revocation does not invalidate the token, which enables unauthorized access and the potential bypass of established security restrictions.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
