OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack folsom 2012.2 |
||
openstack essex 2012.1 |