CVE-2013-6391

Published: Dec 14, 2013Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.

Affected (3)

Products: Openstack: Keystone · Canonical: Ubuntu Linux · Redhat: Openstack

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Keystone	From 2013.2 to 2013.2.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 13.10

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 4.0

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (16)

http://rhn.redhat.com/errata/RHSA-2014-0089.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/56079

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/56154

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2013/12/11/7

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/64253

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2061-1

Source: secalert@redhat.com

Third Party Advisory

https://bugs.launchpad.net/keystone/+bug/1242597

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/89657

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://rhn.redhat.com/errata/RHSA-2014-0089.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/56079

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/56154

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.openwall.com/lists/oss-security/2013/12/11/7

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/64253

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2061-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.launchpad.net/keystone/+bug/1242597

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/89657

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.