CVE-2013-6391
published 2013-12-14CVE-2013-6391: The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is…
medium5.8CVSS 3.1
AVNACMAuNCPIPAN
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | keystone | < keystone 2013.2.1-1 (bookworm) | keystone 2013.2.1-1 (bookworm) |
| openstack | keystone | >= 0 < 2013.2.1-1 | 2013.2.1-1 |
| openstack | keystone | >= 0 < 2013.2.1-1 | 2013.2.1-1 |
| openstack | keystone | >= 0 < 2013.2.1-1 | 2013.2.1-1 |
| openstack | keystone | >= 0 < 2013.2.1-1 | 2013.2.1-1 |
| openstack | keystone | >= 2013.2 < 2013.2.1 | 2013.2.1 |
| redhat | openstack | — | — |
CVSS provenance
nvd5.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:N
osv5.8MEDIUM