[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token
Russell Bryant
1006815 at bugs.launchpad.net
Fri Sep 28 15:23:14 UTC 2012
Please review this vulnerability description. Once confirmed it will go
out in an OSSA. This applies to this bug as well as bug 1006822.
Title: Some actions in Keystone admin API do not validate token
Impact: High
Reporter: Jason Xu
Products: Keystone
Affects: Essex (prior to 2012.1.2), Folsom (prior to folsom-2 development milestone)
Description:
Jaxon Xu reported a vulnerability in Keystone. Two admin API actions did not require a valid token. The first was listing roles for a user. The second was the ability to get, create, and delete services.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
validate token
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1006815/+subscriptions
More information about the Ubuntu-server-bugs
mailing list