OpenStack Identity (Keystone)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 

19 lines
1.1 KiB

---
security:
- |
[`bug 1872755 <https://bugs.launchpad.net/keystone/+bug/1872755>`_]
Added validation to the EC2 credentials update API to ensure the metadata
labels 'trust_id' and 'app_cred_id' are not altered by the user. These
labels are used by keystone to determine the scope allowed by the
credential, and altering these automatic labels could enable an EC2
credential holder to elevate their access beyond what is permitted by the
application credential or trust that was used to create the EC2 credential.
fixes:
- |
[`bug 1872755 <https://bugs.launchpad.net/keystone/+bug/1872755>`_]
Added validation to the EC2 credentials update API to ensure the metadata
labels 'trust_id' and 'app_cred_id' are not altered by the user. These
labels are used by keystone to determine the scope allowed by the
credential, and altering these automatic labels could enable an EC2
credential holder to elevate their access beyond what is permitted by the
application credential or trust that was used to create the EC2 credential.