Comment 12 for bug 1006815
Revision history for this message
| Russell Bryant (russellb) wrote Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Please review this vulnerability description. Once confirmed it will go out in an OSSA. This applies to this bug as well as bug 1006822.
Title: Some actions in Keystone admin API do not validate token
Impact: High
Reporter: Jason Xu
Products: Keystone
Affects: Essex (prior to 2012.1.2), Folsom (prior to folsom-2 development milestone)
Description:
Jaxon Xu reported a vulnerability in Keystone. Two admin API actions did not require a valid token. The first was listing roles for a user. The second was the ability to get, create, and delete services.