CVE-2014-3476

Name of the Vulnerable Software and Affected Versions OpenStack Identity (Keystone) versions before 2013.2.4 OpenStack Identity (Keystone) versions 2014.1 before 2014.1.2 OpenStack Identity (Keystone) versions Juno before Juno-2

Description The issue is related to the improper handling of chained delegation in OpenStack Identity (Keystone), allowing remote authenticated users to gain privileges. This can be achieved by leveraging a trust or an OAuth token with impersonation enabled to create a new token with additional roles.

Recommendations For versions before 2013.2.4, update to version 2013.2.4 or later. For versions 2014.1 before 2014.1.2, update to version 2014.1.2 or later. For versions Juno before Juno-2, update to Juno-2 or later.