[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-28 Thread Russell Bryant
Please review this vulnerability description.  Once confirmed it will go
out in an OSSA.  This applies to this bug as well as bug 1006822.


Title: Some actions in Keystone admin API do not validate token
Impact: High
Reporter: Jason Xu
Products: Keystone
Affects: Essex (prior to 2012.1.2), Folsom (prior to folsom-2 development milestone)

Description:
Jason Xu reported a vulnerability in Keystone. Two admin API actions did not
require a valid token.  The first was listing roles for a user.  The second was
the ability to get, create, and delete services.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to keystone in Ubuntu.
https://bugs.launchpad.net/bugs/1006815

Title:
  Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
  validate token

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1006815/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-28 Thread Joseph Heck
Russell - description is good, run with it.

** Description changed:

  Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't
- validate token
+ validate the authentication token before returning a response.
  
- we can get the same result without a token in HTTP head.
+ i.e. we can get the same result without a token in HTTP head.
  
  Eg:
  without a token
  jason@ubuntu:~/project/keystone$ curl 
http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles
 | python -m json.tool
-   % Total% Received % Xferd  Average Speed   TimeTime Time  
Current
-  Dload  Upload   Total   SpentLeft  Speed
+   % Total% Received % Xferd  Average Speed   TimeTime Time  
Current
+  Dload  Upload   Total   SpentLeft  Speed
  10072  100720 0308  0 --:--:-- --:--:-- --:--:--   346
  {
- roles: [
- {
- id: 06906f69ffd44ad0b9fc86d1c3d1bcbd, 
- name: admin
- }
- ]
+ roles: [
+ {
+ id: 06906f69ffd44ad0b9fc86d1c3d1bcbd,
+ name: admin
+ }
+ ]
  }
  
  with token
  jason@ubuntu:~/project/keystone$ curl -H 
X-Auth-Token:ecab59a3f4e2468b9934c24f8660a809 
http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles
 | python -m json.tool
-   % Total% Received % Xferd  Average Speed   TimeTime Time  
Current
-  Dload  Upload   Total   SpentLeft  Speed
+   % Total% Received % Xferd  Average Speed   TimeTime Time  
Current
+  Dload  Upload   Total   SpentLeft  Speed
  10072  100720 0242  0 --:--:-- --:--:-- --:--:--   270
  {
- roles: [
- {
- id: 06906f69ffd44ad0b9fc86d1c3d1bcbd, 
- name: admin
- }
- ]
+ roles: [
+ {
+ id: 06906f69ffd44ad0b9fc86d1c3d1bcbd,
+ name: admin
+ }
+ ]
  }
- 
  
  What we expect:
  without a token
  jason@ubuntu:~/project/keystone$ curl  
http://0.0.0.0:35357/v2.0/tenants/1f73672bf2184a909abc8fe67e7a537d/users/b84f6dbb6d7b4130a8a9e9298ec96164/roles
 | python -m json.tool  % Total% Received % Xferd  Average Speed   Time
Time Time  Current
-  Dload  Upload   Total   SpentLeft  Speed
+  Dload  Upload   Total   SpentLeft  Speed
  100   116  100   1160 0848  0 --:--:-- --:--:-- --:--:--  1026
  {
- error: {
- code: 401, 
- message: The request you have made requires authentication., 
- title: Not Authorized
- }
+ error: {
+ code: 401,
+ message: The request you have made requires authentication.,
+ title: Not Authorized
+ }
  }
  
- 
  Attached is a diff of the changes.


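Russell's advisory text earlier in the thread and the curl transcript in the changed description above describe the same defect: an admin controller method that never validates the X-Auth-Token header, so an anonymous GET returns the same role listing as an authenticated one. The block below is an added example, not Keystone's code or the attached patch. It models the Essex-era pattern in which every admin method calls an assert_admin-style helper before doing any work, shows the unchecked handler next to the checked one, and carries the regression check a maintainer would want: an audit that walks every admin route with no token and with a bogus token and reports anything that does not answer 401. The route table, handler names, token store, role and service records and identifiers are all constructed for the example; the OS-KSADM service paths are assumed, not taken from the thread.

```python
"""Admin-API "no token, still served" regression check.

Added example, not Keystone's own code.  It imitates the Essex-era pattern in
which each admin controller method must call an assert_admin-style helper
before touching backend state.  Token store, route table, handler names and
sample identifiers are constructed for this example.
"""
import uuid

# Constructed token store: token id -> token metadata.  A real deployment
# would look these up in the identity service's token backend.
TOKENS = {
    "5c1f3a0e7b2d4e8f9a6b1c2d3e4f5a60": {"user_id": "admin-user", "roles": ["admin"]},
    "9f8e7d6c5b4a39281716151413121110": {"user_id": "plain-user", "roles": ["Member"]},
}

# Constructed backend state.
USER_ROLES = {("tenant-a", "user-1"): [{"id": "role-admin", "name": "admin"}]}
SERVICES = {"svc-1": {"id": "svc-1", "name": "keystone", "type": "identity"}}


class Unauthorized(Exception):
    code, title = 401, "Not Authorized"
    message = "The request you have made requires authentication."


class Forbidden(Exception):
    code, title = 403, "Forbidden"
    message = "You are not authorized to perform the requested action."


def assert_admin(context):
    """Reject the request unless X-Auth-Token names a valid token with the admin role."""
    token_id = context.get("token_id")
    if not token_id or token_id not in TOKENS:
        raise Unauthorized()
    if "admin" not in TOKENS[token_id]["roles"]:
        raise Forbidden()


# Vulnerable shape: the check is simply missing, so any caller is served.
def get_user_roles_unchecked(context, tenant_id, user_id):
    return {"roles": USER_ROLES.get((tenant_id, user_id), [])}


# Fixed shape: every admin method validates the token before doing anything.
def get_user_roles(context, tenant_id, user_id):
    assert_admin(context)
    return {"roles": USER_ROLES.get((tenant_id, user_id), [])}


def get_service(context, service_id):
    assert_admin(context)
    return {"OS-KSADM:service": SERVICES[service_id]}


def create_service(context, name, type_):
    assert_admin(context)
    service_id = uuid.uuid4().hex
    SERVICES[service_id] = {"id": service_id, "name": name, "type": type_}
    return {"OS-KSADM:service": SERVICES[service_id]}


def delete_service(context, service_id):
    assert_admin(context)
    SERVICES.pop(service_id, None)
    return None


def call(handler, token_id=None, **params):
    """Dispatch the way the WSGI layer would: auth exceptions become error bodies."""
    context = {"token_id": token_id}
    try:
        return 200, handler(context, **params)
    except (Unauthorized, Forbidden) as exc:
        return exc.code, {"error": {"code": exc.code, "title": exc.title,
                                    "message": exc.message}}


# Constructed route table covering the two endpoints named in the advisory:
# user role listing, and get/create/delete of services.
ADMIN_ROUTES = {
    "GET /v2.0/tenants/{tenant_id}/users/{user_id}/roles":
        (get_user_roles, {"tenant_id": "tenant-a", "user_id": "user-1"}),
    "GET /v2.0/OS-KSADM/services/{service_id}":
        (get_service, {"service_id": "svc-1"}),
    "POST /v2.0/OS-KSADM/services":
        (create_service, {"name": "glance", "type_": "image"}),
    "DELETE /v2.0/OS-KSADM/services/{service_id}":
        (delete_service, {"service_id": "svc-1"}),
}


def audit_unauthenticated(routes):
    """Return (route, token, status) for every route that serves an unauthenticated call.

    Run over the whole route table, so a newly added admin method cannot
    silently skip token validation.  Missing, empty and unknown tokens must
    all produce 401; a fixed table yields an empty list.
    """
    leaks = []
    for route, (handler, params) in routes.items():
        for token_id in (None, "", "not-a-real-token"):
            status, _body = call(handler, token_id, **params)
            if status != 401:
                leaks.append((route, token_id, status))
    return leaks


if __name__ == "__main__":
    print("fixed routes leaking:", audit_unauthenticated(ADMIN_ROUTES))
    vulnerable = {"GET /v2.0/tenants/{tenant_id}/users/{user_id}/roles":
                  (get_user_roles_unchecked, {"tenant_id": "tenant-a", "user_id": "user-1"})}
    print("vulnerable route leaking:", audit_unauthenticated(vulnerable))
```

The audit deliberately sends the bogus token as well as no token at all: a handler that only checks for the header's presence would pass the first probe and fail the second. Because the fixed handlers raise before touching state, the POST and DELETE probes leave SERVICES unchanged, which is the other property worth asserting in a real test suite.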

[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-28 Thread Thierry Carrez
Description looks good to me.


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-28 Thread Russell Bryant
OSSA sent: https://lists.launchpad.net/openstack/msg17034.html


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-27 Thread Russell Bryant
** This bug has been flagged as a security vulnerability


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-27 Thread Thierry Carrez
** Changed in: keystone
Milestone: folsom-2 => 2012.2


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-09-27 Thread Russell Bryant
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2012-4456


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-08-30 Thread Adam Gandelman
Test coverage log.

** Attachment added: 2012.1+stable~20120824-a16a0ab9-0ubuntu2.log
   
https://bugs.launchpad.net/bugs/1006815/+attachment/3283183/+files/2012.1%2Bstable%7E20120824-a16a0ab9-0ubuntu2.log

** Tags added: verification-done


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-08-24 Thread Dave Walker
** Changed in: keystone (Ubuntu)
   Status: New => Fix Released

** Changed in: keystone (Ubuntu Precise)
   Status: New => Confirmed


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-08-24 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/precise-proposed/keystone


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-08-22 Thread Chuck Short
** Also affects: keystone (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: keystone (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: keystone (Ubuntu Quantal)
   Importance: Undecided
   Status: New


[Bug 1006815] Re: Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token

2012-08-22 Thread Ubuntu Foundation's Bug Bot
The attachment keystone_tenant_api_bug.patch of this bug report has
been identified as being a patch.  The ubuntu-reviewers team has been
subscribed to the bug report so that they can review the patch.  In the
event that this is in fact not a patch you can resolve this situation by
removing the tag 'patch' from the bug report and editing the attachment
so that it is not flagged as a patch.  Additionally, if you are member
of the ubuntu-reviewers team please also unsubscribe the team from this
bug report.

[This is an automated message performed by a Launchpad user owned by
Brian Murray.  Please contact him regarding any issues with the action
taken in this bug report.]

** Tags added: patch
