Please review this vulnerability description. Once confirmed it will go
out in an OSSA. This applies to this bug as well as bug 1006822.
Title: Some actions in Keystone admin API do not validate token
Impact: High
Reporter: Jason Xu
Products: Keystone
Affects: Essex (prior to 2012.1.2), Folsom
russel - description is good, run with it.
** Description changed:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
- validate token
+ validate the authentication token before returning a response.
- we can get the same result without a token in HTTP head.
+ i.e. we can get
Description looks good to me.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815
Title:
Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
validate token
To
OSSA sent: https://lists.launchpad.net/openstack/msg17034.html
--
** This bug has been flagged as a security vulnerability
--
** Changed in: keystone
Milestone: folsom-2 => 2012.2
--
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4456
--
Test coverage log.
** Attachment added: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.log
https://bugs.launchpad.net/bugs/1006815/+attachment/3283183/+files/2012.1%2Bstable%7E20120824-a16a0ab9-0ubuntu2.log
** Tags added: verification-done
--
** Changed in: keystone (Ubuntu)
Status: New => Fix Released
** Changed in: keystone (Ubuntu Precise)
Status: New => Confirmed
--
** Branch linked: lp:ubuntu/precise-proposed/keystone
--
** Also affects: keystone (Ubuntu)
Importance: Undecided
Status: New
** Also affects: keystone (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: keystone (Ubuntu Quantal)
Importance: Undecided
Status: New
--
The attachment keystone_tenant_api_bug.patch of this bug report has
been identified as being a patch. The ubuntu-reviewers team has been
subscribed to the bug report so that they can review the patch. In the
event that this is in fact not a patch you can resolve this situation by
removing the