Jamie Lennox

**Name of the Vulnerable Software and Affected Versions** OpenStack Identity (Keystone) versions before 2013.2.4 OpenStack Identity (Keystone) versions 2014.x before 2014.1.2 OpenStack Identity (Keystone) versions Juno before Juno-2 **Description** The issue allows remote authenticated trustees to gain unauthorized access to a project for which the trustor has certain roles. This is achieved via the project ID in a V2 API trust token request. **Recommendations** For versions before 2013.2.4, update to version 2013.2.4 or later. For versions 2014.x before 2014.1.2, update to version 2014.1.2 or later. For versions Juno before Juno-2, update to Juno-2 or later.