OpenStack Keystone domain-range token revocation failure Security Restriction Bypass Vulnerability

OpenStack Keystone domain-range token revocation failure Security Restriction Bypass Vulnerability

Release date:
Updated on:

Affected Systems:
Openstack Keystone
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69051
 
OpenStack Keystone is a project that provides identity, Token, directory, and policy services for the OpenStack series.
 
Keystone has a Security Restriction Bypass Vulnerability. authenticated attackers can exploit this vulnerability to bypass the target security restriction and perform unauthorized operations.
 
<* Source: Brant Knudson
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Openstack
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 
Http://lists.openstack.org/pipermail/openstack-announce/

Install and deploy Openstack on Ubuntu 12.10

Ubuntu 12.04 OpenStack Swift single-node deployment Manual

OpenStack cloud computing quick start tutorial

Deploying OpenStack for enterprises: what should be done and what should not be done

CentOS 6.5 x64bit quick OpenStack Installation

This article permanently updates the link address: