@Dolph yes you are right, my bad, I forgot to include it in the affected version line.
I think 9f812939 introduced this bug and "git tag --contains" says it got merged for 2013.1.
Updated impact description draft #2:
Title: Keystone DoS through V3 API authentication chaining
Reporter: Abu Shohel Ahmed (Ericsson)
Products: Keystone
Versions: 2013.1 versions up to 2013.2.3
Description:
Abu Shohel Ahmed from Ericsson reported a vulnerability in Keystone V3 API authentication. By sending a single request with the same authentication method multiple times, a remote attacker may generate unwanted load on the Keystone host, potentially resulting in a Denial of Service against a Keystone service. Only Keystone setups enabling V3 API are affected.
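One way to bound the work a single V3 authentication request can trigger, shown as an added example that is not part of the original comment and is not Keystone's own code. The `auth.identity.methods` layout is the V3 API request body; the function names, the plugin table and the limit of 64 listed methods are assumptions made for illustration.

```python
MAX_LISTED_METHODS = 64  # assumed limit, not a Keystone setting


class AuthRequestError(ValueError):
    """Raised when the authentication body is malformed or abusive."""


def sanitize_method_names(body, allowed, max_listed=MAX_LISTED_METHODS):
    """Return the distinct method names of a V3 auth body, in request order."""
    try:
        methods = body["auth"]["identity"]["methods"]
    except (KeyError, TypeError):
        raise AuthRequestError("missing auth.identity.methods") from None
    if not isinstance(methods, list) or not methods:
        raise AuthRequestError("methods must be a non-empty list")
    if len(methods) > max_listed:
        # Reject before iterating, so a huge list costs almost nothing.
        raise AuthRequestError("too many methods listed")
    seen, unique = set(), []
    for name in methods:
        if not isinstance(name, str) or name not in allowed:
            raise AuthRequestError("unsupported method: %r" % (name,))
        if name not in seen:  # a repeated method is kept only once
            seen.add(name)
            unique.append(name)
    return unique


def authenticate(body, plugins):
    """Run each requested plugin exactly once; return the names that ran."""
    names = sanitize_method_names(body, allowed=tuple(plugins))
    identity = body["auth"]["identity"]
    for name in names:
        plugins[name](identity.get(name, {}))
    return names


def demo():
    """Constructed request that repeats one method; plugins only record calls."""
    calls = []
    plugins = {"password": lambda data: calls.append("password"),
               "token": lambda data: calls.append("token")}
    body = {"auth": {"identity": {
        "methods": ["password"] * 50 + ["token", "password"],
        "password": {"user": {"name": "demo", "password": "constructed"}},
        "token": {"id": "constructed-token"}}}}
    return authenticate(body, plugins), calls
```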