OSSA-2013-032: Keystone trust circumvention through EC2-style tokens
December 11, 2013
Affects: Keystone, Havana and later
Steven Hardy from Red Hat reported a vulnerability in Keystone trusts when used in conjunction with the ec2tokens API. A trust lets a trustor delegate a subset of its roles on a project to a trustee, who then acts through a trust-scoped token that carries only the delegated roles. If the trustee uses that trust-scoped token to generate EC2 credentials and then authenticates with them through the ec2tokens API, Keystone returns a token that is not scoped to the trust, so the trustee obtains all of the trustor's roles on the project rather than only the delegated ones. Only Keystone setups enabling EC2-style authentication (the EC2 extension loaded in the Keystone paste pipeline) are affected.
Reporter: Steven Hardy from Red Hat (CVE-2013-6391)
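As an added example (not code from the advisory or from Keystone), the following script expresses the advisory's condition as a check over token bodies: given the trust the trustee is acting under and the body of the token Keystone returned for the EC2 credentials, it reports whether that token is still scoped to the trust and whether it carries roles beyond the delegated set. It assumes the Identity v3 token layout (`token.roles`, `token.project` and an `OS-TRUST:trust` block on trust-scoped tokens); the trust, the two token bodies and every identifier in them are constructed for illustration.

```python
"""Flag an ec2tokens-derived token that no longer honours the trust it came from.

Added example; this is not code from the advisory or from Keystone. It assumes
the Identity v3 token body layout: a top-level "token" object with "roles",
"project" and, on trust-scoped tokens, an "OS-TRUST:trust" block. The trust
and the two token bodies below are constructed for illustration.
"""

# Constructed trust: the trustor delegates only "Member" on proj-0001 to the
# trustee, although the trustor also holds "admin" there.
TRUST = {
    "id": "trust-0001",
    "trustor_user_id": "user-trustor",
    "trustee_user_id": "user-trustee",
    "project_id": "proj-0001",
    "roles": [{"name": "Member"}],
}

# Constructed: the shape of a token returned by ec2tokens under the flaw. It
# has no OS-TRUST:trust block and carries every role the trustor holds.
VULNERABLE_TOKEN = {
    "token": {
        "user": {"id": "user-trustor", "name": "trustor"},
        "project": {"id": "proj-0001", "name": "demo"},
        "roles": [{"id": "r-admin", "name": "admin"},
                  {"id": "r-member", "name": "Member"}],
    }
}

# Constructed: the expected result once ec2tokens honours the trust. The token
# stays trust-scoped and only the delegated role is present.
FIXED_TOKEN = {
    "token": {
        "user": {"id": "user-trustor", "name": "trustor"},
        "project": {"id": "proj-0001", "name": "demo"},
        "roles": [{"id": "r-member", "name": "Member"}],
        "OS-TRUST:trust": {
            "id": "trust-0001",
            "trustor_user": {"id": "user-trustor"},
            "trustee_user": {"id": "user-trustee"},
            "impersonation": True,
        },
    }
}


def role_names(token_body):
    """Role names carried by a v3 token body."""
    return {r["name"] for r in token_body["token"].get("roles", [])}


def check_trust_preserved(trust, token_body):
    """Return findings explaining how token_body escapes `trust`.

    An empty list means the token is scoped to the trust, stays on the trust's
    project and carries no role beyond the delegated set.
    """
    tok = token_body["token"]
    findings = []

    trust_block = tok.get("OS-TRUST:trust")
    if trust_block is None:
        findings.append("token is not trust-scoped: no OS-TRUST:trust block")
    elif trust_block.get("id") != trust["id"]:
        findings.append("token is scoped to a different trust: %s"
                        % trust_block.get("id"))

    delegated = {r["name"] for r in trust["roles"]}
    extra = role_names(token_body) - delegated
    if extra:
        findings.append("roles beyond the trust's delegation: %s"
                        % ", ".join(sorted(extra)))

    project_id = tok.get("project", {}).get("id")
    if project_id != trust["project_id"]:
        findings.append("token project %r differs from the trust's project %r"
                        % (project_id, trust["project_id"]))
    return findings


if __name__ == "__main__":
    for label, body in (("vulnerable", VULNERABLE_TOKEN), ("fixed", FIXED_TOKEN)):
        result = check_trust_preserved(TRUST, body)
        print("%s: %s" % (label, result or "token honours the trust"))
```

The script does not talk to Keystone; in a real check the token bodies would come from validating the token the ec2tokens call returned (for v3, a GET on the tokens resource with the token as the subject) and the trust from the trusts API. Running the same check against the trust-scoped token used to create the EC2 credentials gives the baseline the ec2tokens result should match.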