Channel: SecStack » Release

CVE-2012-5571 : EC2-style credentials invalidation issue


OpenStack Security Advisory: 2012-018

CVE: CVE-2012-5571
Date: November 28, 2012
Title: EC2-style credentials invalidation issue
Reporter: Vijaya Erukala
Products: Keystone
Affects: All versions

Description:

Vijaya Erukala reported a vulnerability in Keystone EC2-style
credentials invalidation: when a user is removed from a tenant, issued
EC2-style credentials would continue to be valid for that tenant. An
authenticated and authorized user could potentially leverage this
vulnerability to extend their access beyond the account owner's
expectations. Only setups enabling EC2-style credentials (for example,
by enabling the EC2 API in Nova) are affected.
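
The following Python sketch is an added illustration, not Keystone's code or
the published fix. IdentityStore, its methods and the simplified HMAC signing
are hypothetical; it models the behaviour described above beside a validation
that re-checks tenant membership at authentication time.

```python
import hashlib
import hmac


def sign(secret, request):
    # Stand-in for EC2 request signing (real signing canonicalises the request).
    return hmac.new(secret.encode(), request.encode(), hashlib.sha256).hexdigest()


class IdentityStore:
    """Hypothetical in-memory model; not Keystone code."""

    def __init__(self):
        self.members = set()   # (user_id, tenant_id) pairs holding a role
        self.ec2_creds = {}    # access key -> (secret, user_id, tenant_id)

    def remove_user_from_tenant(self, user_id, tenant_id):
        # Only membership is dropped; issued EC2 credentials stay stored.
        self.members.discard((user_id, tenant_id))

    def authenticate_vulnerable(self, access, request, signature):
        # Trusts the tenant recorded at issue time once the signature matches.
        cred = self.ec2_creds.get(access)
        if cred is None:
            return None
        secret, user_id, tenant_id = cred
        if not hmac.compare_digest(sign(secret, request), signature):
            return None
        return (user_id, tenant_id)

    def authenticate_checked(self, access, request, signature):
        # Additionally requires current membership in the credential's tenant.
        scope = self.authenticate_vulnerable(access, request, signature)
        return scope if scope in self.members else None


def demo():
    # Constructed sample values, for illustration only.
    store = IdentityStore()
    store.members.add(("alice", "tenant-a"))
    store.ec2_creds["AKEXAMPLE"] = ("s3cret", "alice", "tenant-a")
    req = "GET /?Action=DescribeInstances"
    sig = sign("s3cret", req)
    store.remove_user_from_tenant("alice", "tenant-a")
    return (store.authenticate_vulnerable("AKEXAMPLE", req, sig),
            store.authenticate_checked("AKEXAMPLE", req, sig))
```
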

Grizzly (development branch) fix:

Folsom fix (included in upcoming Keystone 2012.2.1 stable update):

Essex fix:

References:

