Back to search
CVE-2014-2237
Published: Apr 1, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20140304 [OSSA 2014-006] Trustee token revocation does not work with memcache backend (CVE-2014-2237)
mailing-list
x_refsource_MLIST
65895
vdb-entry
x_refsource_BID
https://bugs.launchpad.net/keystone/+bug/1260080
x_refsource_CONFIRM
RHSA-2014:0580
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now