Comment 7 for bug 1331912

Tristan Cacqueray (tristan-cacqueray) wrote : Re: V2 Trusts allow trustee to emulate trustor in other projects

Here would be the impact description #1:

Title: Keystone V2 trusts privilege escalation through user-supplied project id
Reporter: Jamie Lennox (Red Hat)
Products: Keystone
Versions: up to 2013.2.3, and 2014.1 to 2014.1.1

Description:
Jamie Lennox from Red Hat reported a vulnerability in Keystone trusts. By using an out-of-scope project id, a trustee may gain unauthorized access to another project if the trustor has the required roles in the other project. All Keystone deployments configured to enable trusts and V2 API are affected.
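
The scoping flaw described in the comment above, as a simplified model added here for illustration; it is not Keystone code and not part of the original comment. All names (`Trust`, `scope_unchecked`, `scope_checked`) and the sample data are hypothetical and constructed for this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Trust:
    trustor: str
    trustee: str
    project_id: str   # the only project this trust delegates
    roles: frozenset  # roles delegated on that project


# Constructed sample data: the trustor holds roles in two projects,
# but the trust delegates only "member" on project "A".
TRUSTOR_ROLES = {("alice", "A"): {"member"}, ("alice", "B"): {"admin"}}
TRUST = Trust("alice", "bob", "A", frozenset({"member"}))


class Unauthorized(Exception):
    pass


def scope_unchecked(trust, caller, requested_project):
    """Flawed model: roles are resolved for whatever project the caller names."""
    if caller != trust.trustee:
        raise Unauthorized("caller is not the trustee")
    roles = TRUSTOR_ROLES.get((trust.trustor, requested_project), set())
    if not roles:
        raise Unauthorized("trustor has no roles on that project")
    return {"user": trust.trustor, "project": requested_project,
            "roles": sorted(roles)}


def scope_checked(trust, caller, requested_project):
    """Hardened model: the requested project must be the trust's own project."""
    if caller != trust.trustee:
        raise Unauthorized("caller is not the trustee")
    if requested_project != trust.project_id:
        raise Unauthorized("project is outside the trust's scope")
    held = TRUSTOR_ROLES.get((trust.trustor, trust.project_id), set())
    granted = trust.roles & held  # never more than the trust delegates
    if not granted:
        raise Unauthorized("no delegated roles remain")
    return {"user": trust.trustor, "project": trust.project_id,
            "roles": sorted(granted)}
```

In the flawed model the trustee's request for project "B" succeeds with the trustor's roles there; the checked version rejects any project id other than the one recorded in the trust.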