Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS0yM3g5LThoeHItOTc4Y84AAdzY

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

Permalink: https://github.com/advisories/GHSA-23x9-8hxr-978c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yM3g5LThoeHItOTc4Y84AAdzY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 4 months ago

Identifiers: GHSA-23x9-8hxr-978c, CVE-2014-2237
References:

• https://nvd.nist.gov/vuln/detail/CVE-2014-2237
• https://bugs.launchpad.net/keystone/+bug/1260080
• http://rhn.redhat.com/errata/RHSA-2014-0580.html
• http://www.openwall.com/lists/oss-security/2014/03/04/16
• http://www.securityfocus.com/bid/65895
• https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
• https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
• https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
• https://github.com/advisories/GHSA-23x9-8hxr-978c

Repository: https://github.com/openstack/keystone
Blast Radius: 0.0

Affected Packages