GHSA-23x9-8hxr-978c

Source
https://github.com/advisories/GHSA-23x9-8hxr-978c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-23x9-8hxr-978c/GHSA-23x9-8hxr-978c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-23x9-8hxr-978c
Aliases
Published
2022-05-17T04:13:50Z
Modified
2024-11-26T18:31:37Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Summary
OpenStack Identity (Keystone) trustee token revocation does not work with the memcache backend
Details

The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.

Database specific
{
    "nvd_published_at": "2014-04-01T06:35:00Z",
    "cwe_ids": [
        "CWE-1270",
        "CWE-287"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-14T21:10:43Z"
}
References

Affected packages

PyPI / keystone

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.0.0a0