CVE-2015-7546 : The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

Published 2016-02-03 18:59:05

Updated 2025-04-12 10:46:41

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2015-7546

Oracle » Solaris » Version: 11.3
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
Matching versions
Openstack » Keystone
Versions from including (>=) 8.0.0 and before (<) 8.0.2
cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
Matching versions
Openstack » Keystone
Versions from including (>=) 2015.1.0 and up to, including, (<=) 2015.1.2
cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
Matching versions
Openstack » Keystonemiddleware
Versions from including (>=) 1.5.0 and up to, including, (<=) 1.5.3
cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
Matching versions
Openstack » Keystonemiddleware
Versions from including (>=) 1.6.0 and up to, including, (<=) 2.3.2
cpe:2.3:a:openstack:keystonemiddleware:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-7546

EPSS FAQ

0.85%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 73 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-7546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.6	5.9	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-7546

CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7546

http://www.securityfocus.com/bid/80498

OpenStack Keystone PKI Token Revocation CVE-2015-7546 Security Bypass Vulnerability
Third Party Advisory;VDB Entry
https://wiki.openstack.org/wiki/OSSN/OSSN-0062

OSSN/OSSN-0062 - OpenStack
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Oracle Solaris Bulletin - April 2016
Third Party Advisory

CVEs referencing this url
https://bugs.launchpad.net/keystone/+bug/1490804

Bug #1490804 “[OSSA 2016-005] PKI Token Revocation Bypass (CVE-2...” : Bugs : OpenStack Identity (keystone)
Issue Tracking;Third Party Advisory
https://security.openstack.org/ossa/OSSA-2016-005.html

OpenStack Docs: OSSA-2016-005: Potential reuse of revoked Identity tokens
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2015-7546

Products affected by CVE-2015-7546

Exploit prediction scoring system (EPSS) score for CVE-2015-7546

CVSS scores for CVE-2015-7546

CWE ids for CVE-2015-7546

References for CVE-2015-7546