CVE-2013-6391

Name of the Vulnerable Software and Affected Versions OpenStack Identity (Keystone) versions before Havana 2013.2.1 OpenStack Identity (Keystone) versions before Icehouse icehouse-2

Description The issue concerns the ec2tokens API in OpenStack Identity (Keystone), where it fails to return a trust-scoped token when one is received. This allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request, such as the "/ec2tokens" API endpoint, with potentially vulnerable parameters like trust id or token.

Recommendations For OpenStack Identity (Keystone) versions before Havana 2013.2.1, update to Havana 2013.2.1 or later to resolve the issue. For OpenStack Identity (Keystone) versions before Icehouse icehouse-2, update to Icehouse icehouse-2 or later to resolve the issue.