{ "advisory": { "date": "2013-12-11", "description": "Steven Hardy from Red Hat reported a vulnerability in Keystone trusts when used in conjunction with the ec2tokens API. By generating EC2 credentials using a trust-scoped token, a trustee may retrieve a token not scoped to the trust, thereby elevating privileges to all of the trustor's roles. Only Keystone setups enabling EC2-style authentication are affected.", "id": "2013-032", "title": "Keystone trust circumvention through EC2-style tokens", "url": "http://lists.openstack.org/pipermail/openstack-announce/2013-December/000168.html" }, "affects": [ { "product": "keystone", "version": "TODO" } ], "bugs": [ "1242597" ], "notes": "", "reporters": [ { "company": "Red Hat", "name": "Steven Hardy" } ], "reviews": [ "51973", "61419", "61425" ], "schema_version": 1, "vulnerabilities": [ { "cve": "CVE-2013-6391", "cvss": { "base_score": "4.0", "scoring_vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, "cwe": "TODO", "impact": "moderate" } ] }