Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS0yM3g5LThoeHItOTc4Y84AAdzY

OpenStack Identity (Keystone) Trustee token revocations does not work with memcache backend

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

Permalink: https://github.com/advisories/GHSA-23x9-8hxr-978c
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yM3g5LThoeHItOTc4Y84AAdzY
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: about 2 months ago

CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Percentage: 0.0029
EPSS Percentile: 0.68597

Identifiers: GHSA-23x9-8hxr-978c, CVE-2014-2237
References:

• https://nvd.nist.gov/vuln/detail/CVE-2014-2237
• https://bugs.launchpad.net/keystone/+bug/1260080
• http://rhn.redhat.com/errata/RHSA-2014-0580.html
• http://www.openwall.com/lists/oss-security/2014/03/04/16
• https://github.com/openstack/keystone/commit/813d1254eb4f7a7d40009b23bbadbc4c5cc5daac
• https://github.com/openstack/keystone/commit/a411c944af78c36f2fdb87d305ba452dc52d7ed3
• https://github.com/openstack/keystone/commit/b6f0e26da0e2ab0892a5658da281a065e668637b
• https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-105.yaml
• https://github.com/advisories/GHSA-23x9-8hxr-978c

Repository: https://github.com/openstack/keystone
Blast Radius: 10.2

Affected Packages