Comment 12 for bug 1331912

Tristan Cacqueray (tristan-cacqueray) wrote : Re: V2 Trusts allow trustee to emulate trustor in other projects

@Grant thanks!

Here is the impact description #2:

Title: Keystone V2 trusts privilege escalation through user-supplied project id
Reporter: Jamie Lennox (Red Hat)
Products: Keystone
Versions: up to 2013.2.3, and 2014.1 to 2014.1.1

Description:
Jamie Lennox from Red Hat reported a vulnerability in Keystone trusts. By using an out-of-scope project id, a trustee may gain unauthorized access if the trustor has the required roles in the requested project id. All Keystone deployments configured to enable trusts and the V2 API are affected.
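
The scope check this description implies, as an added example that is not part of the comment above and is not Keystone's code: a simplified model in which token issuance either accepts the caller-supplied project id or requires it to match the project the trust was created for. The `Trust` class, the function names and the sample role data are all hypothetical and constructed for illustration.

```python
"""Simplified model of trust-scoped token issuance (not Keystone code)."""
from dataclasses import dataclass


class Unauthorized(Exception):
    """Raised when a token request falls outside what the trust allows."""


@dataclass(frozen=True)
class Trust:
    trustor: str
    trustee: str
    project_id: str    # the only project the trust delegates access to
    roles: frozenset   # roles delegated within that project


# Constructed sample data: the trustor's role assignments per project.
TRUSTOR_ROLES = {
    ("alice", "proj-a"): {"member"},
    ("alice", "proj-b"): {"member", "admin"},
}


def issue_token_unchecked(trust, user, requested_project):
    """Flawed flow: only asks whether the trustor holds the delegated
    roles in whatever project the caller supplied."""
    if user != trust.trustee:
        raise Unauthorized("caller is not the trustee")
    held = TRUSTOR_ROLES.get((trust.trustor, requested_project), set())
    if not trust.roles <= held:
        raise Unauthorized("trustor lacks the delegated roles")
    return {"acting_for": trust.trustor, "project": requested_project,
            "roles": sorted(trust.roles)}


def issue_token_checked(trust, user, requested_project):
    """Hardened flow: the requested project must be the trust's own
    project before any role lookup happens."""
    if requested_project != trust.project_id:
        raise Unauthorized("project id is outside the trust's scope")
    return issue_token_unchecked(trust, user, requested_project)
```
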