CVE-2013-6391 vulnerability in OpenStack and Other Products
Published on December 14, 2013

The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to gain privileges by generating EC2 credentials from a trust-scoped token and using them in an ec2tokens API request.

Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2013-6391

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2013-6391 are published in these products:

OpenStack Keystone

Red Hat Openstack

Canonical Ubuntu Linux

Exploit Probability

EPSS

0.50%

Percentile

65.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2013-6391 vulnerability in OpenStack and Other ProductsPublished on December 14, 2013

Products Associated with CVE-2013-6391

Exploit Probability

CVE-2013-6391 vulnerability in OpenStack and Other Products
Published on December 14, 2013