path: root/releasenotes/notes/bug-1872735-0989e51d2248ce1e.yaml
blob: 1aed863010b289a849e5ae0f2411a252162e31ec (plain)
---
critical:
  - |
    [`bug 1872735 <https://bugs.launchpad.net/keystone/+bug/1872735>`_]
    Fixed a security issue in which a trustee or an application credential user
    could create an EC2 credential or an application credential that would
    permit them to get a token that elevated their role assignments beyond the
    subset delegated to them in the trust or application credential. A new
    attribute ``app_cred_id`` is now automatically added to the access blob of
    an EC2 credential and the role list in the trust or application credential
    is respected.
security:
  - |
    [`bug 1872735 <https://bugs.launchpad.net/keystone/+bug/1872735>`_]
    Fixed a security issue in which a trustee or an application credential user
    could create an EC2 credential or an application credential that would
    permit them to get a token that elevated their role assignments beyond the
    subset delegated to them in the trust or application credential. A new
    attribute ``app_cred_id`` is now automatically added to the access blob of
    an EC2 credential and the role list in the trust or application credential
    is respected.
fixes:
  - |
    [`bug 1872735 <https://bugs.launchpad.net/keystone/+bug/1872735>`_]
    Fixed a security issue in which a trustee or an application credential user
    could create an EC2 credential or an application credential that would
    permit them to get a token that elevated their role assignments beyond the
    subset delegated to them in the trust or application credential. A new
    attribute ``app_cred_id`` is now automatically added to the access blob of
    an EC2 credential and the role list in the trust or application credential
    is respected.