{"id":"CVE-2013-6391","details":"The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.","modified":"2026-01-27T04:11:49.318239Z","published":"2013-12-14T17:21:46Z","withdrawn":"2026-01-27T04:11:49.318239Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2014-0089.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/56079"},{"type":"ADVISORY","url":"http://secunia.com/advisories/56154"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/12/11/7"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/64253"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2061-1"},{"type":"REPORT","url":"https://bugs.launchpad.net/keystone/+bug/1242597"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/89657"}],"schema_version":"1.7.3"}