OSSA-2014-018: Keystone privilege escalation through trust chained delegation

Date:June 12, 2014


  • Keystone: up to 2013.2.3, and 2014.1 to 2014.1.1


Steven Hardy from Red Hat reported a vulnerability in Keystone chained delegation. By creating a delegation from a trust or OAuth token, a trustee may abuse the identity impersonation against keystone and circumvent the enforced scope, resulting in potential elevated privileges to any of the trustor’s projects and or roles. All Keystone deployments configured to enable trusts are affected, which has been the default since Grizzly.


  • Steven Hardy from Red Hat (CVE-2014-3476)