- Description
- The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70697FA3-5C64-4632-B0F5-7DF12B4B7067"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F72F13BC-BE73-4DCD-8C7F-7D803CB047FF"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFF04D50-069F-493B-8667-C55EA6413AD3"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0911BBF3-6111-4ED8-B269-EB4383C5DC05"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BC11250A-5952-4AF2-A9C3-73F8BE79C04B"
},
{
"criteria": "cpe:2.3:a:openstack:keystone:2013.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9457B89C-C75F-4CDC-97BF-2A7324E5E51B"
}
],
"operator": "OR"
}
]
}
]