OSSA-2012-018: EC2-style credentials invalidation issue

Date:

November 28, 2012

CVE:

CVE-2012-5571

Affects:

  • Keystone: All versions

Description

Vijaya Erukala reported a vulnerability in Keystone's invalidation of EC2-style credentials: when a user is removed from a tenant, EC2-style credentials already issued to that user would continue to be valid for that tenant. An authenticated and authorized user could potentially leverage this vulnerability to retain access beyond what the account owner expects. Only setups enabling EC2-style credentials (for example, enabling the EC2 API in Nova) are affected.
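The invalidation gap described above, modelled as an added example (constructed Python, not Keystone's code): the vulnerable validator accepts any correctly signed request against a credential's tenant, while the hardened validator also re-checks the user's current tenant membership at validation time. The class and function names, the sample users, keys and secrets, and the HMAC-SHA256 request signing are assumptions of this model.

```python
import hashlib
import hmac

def sign(secret, message):
    return hmac.new(secret.encode(), message.encode(), hashlib.sha256).hexdigest()

class Ec2CredentialStore:
    def __init__(self):
        self.memberships = {}  # tenant_id -> set of user_ids
        self.credentials = {}  # access_key -> (user_id, tenant_id, secret)

    def add_member(self, user_id, tenant_id):
        self.memberships.setdefault(tenant_id, set()).add(user_id)

    def remove_member(self, user_id, tenant_id):
        # The user leaves the tenant; the issued credential is left in place.
        self.memberships.get(tenant_id, set()).discard(user_id)

    def issue(self, user_id, tenant_id, access_key, secret):
        self.credentials[access_key] = (user_id, tenant_id, secret)

    def validate_vulnerable(self, access_key, message, signature):
        # Pre-fix behaviour: look up the credential and check the request
        # signature; nothing re-checks that the user still belongs to the tenant.
        if access_key not in self.credentials:
            return None
        user_id, tenant_id, secret = self.credentials[access_key]
        if not hmac.compare_digest(sign(secret, message), signature):
            return None
        return user_id, tenant_id

    def validate_fixed(self, access_key, message, signature):
        # Hardened: also require current membership in the credential's tenant.
        result = self.validate_vulnerable(access_key, message, signature)
        if result is None:
            return None
        user_id, tenant_id = result
        if user_id not in self.memberships.get(tenant_id, set()):
            return None
        return result

def demo():
    # Constructed scenario: alice is issued credentials for tenant-a, then removed.
    store = Ec2CredentialStore()
    store.add_member("alice", "tenant-a")
    store.issue("alice", "tenant-a", "AKIA-EXAMPLE", "constructed-secret")
    req = ("AKIA-EXAMPLE", "GET /servers", sign("constructed-secret", "GET /servers"))
    store.remove_member("alice", "tenant-a")
    return store.validate_vulnerable(*req), store.validate_fixed(*req)
```

After the removal, `demo()` shows the vulnerable validator still returning alice's identity for tenant-a while the hardened one rejects the same request; the equivalent defensive options in a real deployment are re-checking tenant roles on every validation or revoking the credentials when membership changes.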

Patches

Credits

  • Vijaya Erukala (CVE-2012-5571)

References