Comment 9 for bug 918608

Thierry Carrez (ttx) wrote :

Russell: +1
We just need to rewrite the description so that it's clear the security advisory is about an SQLAlchemy vulnerability that affects Keystone negatively, and not a Keystone issue.

Maybe something like:

Title: SQLAlchemy SQL injection through limit handling
Impact: Critical
Reporter: Nikita Savin
Products: Keystone
Affects: Versions prior to Keystone Essex-3 milestone

Description:
Nikita Savin from GridDynamics reported a vulnerability in SQLAlchemy. Before version 0.7.0, SQLAlchemy did not sanitize the contents of the limit clause, potentially allowing SQL injection. Since Keystone passes user-provided values to the SQLAlchemy limit calls, it may be abused to trigger that SQL injection on vulnerable SQLAlchemy versions, potentially resulting in complete compromise of the authentication database. Only setups using SQLAlchemy < 0.7.0 are affected.

Solution:
Users are advised to upgrade to unaffected versions of SQLAlchemy (>= 0.7.0). Keystone Essex-3 milestone also contains a workaround that solves the issue for affected versions of SQLAlchemy.
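The bug class the advisory describes, as an added example that is not part of the comment above and is not Keystone's or SQLAlchemy's own code: a caller splices a user-supplied "limit" value into SQL text instead of validating it as an integer and binding it. To run offline it uses the standard-library sqlite3 module rather than SQLAlchemy, a constructed three-row users table rather than Keystone's schema, and a constructed blind-injection oracle string; the `parse_limit` check and its `MAX_LIMIT` cap are assumptions about what a caller-side workaround looks like, not the actual Essex-3 patch.

```python
import re
import sqlite3


def build_db():
    """Constructed sample data (not Keystone's schema): an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT);"
        "INSERT INTO users (name, password_hash) VALUES "
        "('alice', 'h1'), ('bob', 'h2'), ('carol', 'h3');"
    )
    return conn


def list_users_vulnerable(conn, limit):
    """The bug class from the advisory: the limit value is spliced into the SQL
    text unchanged, so anything that is not a plain integer is executed as SQL."""
    sql = "SELECT name FROM users ORDER BY id LIMIT %s" % limit
    return [row[0] for row in conn.execute(sql)]


def hash_oracle(name, guess):
    """Constructed attack string an attacker could send as the "limit" value.
    The subquery yields 3 when the guessed hash is right and 0 otherwise, so the
    number of rows returned leaks whether the guess was correct: a blind
    injection oracle that recovers the password hash one guess at a time."""
    return (
        "(SELECT CASE WHEN (SELECT password_hash FROM users WHERE name='%s')='%s' "
        "THEN 3 ELSE 0 END)" % (name, guess)
    )


_LIMIT_RE = re.compile(r"^[0-9]{1,9}$")
MAX_LIMIT = 1000  # assumed cap; choose one that fits the deployment


def parse_limit(value):
    """Accept only a plain non-negative integer (int or digit string) and cap it.
    Raises ValueError for anything else; this is the caller-side check that must
    happen before the value reaches the ORM on a vulnerable SQLAlchemy."""
    text = str(value)
    if not _LIMIT_RE.match(text):
        raise ValueError("limit must be a non-negative integer: %r" % (value,))
    return min(int(text), MAX_LIMIT)


def is_valid_limit(value):
    """True when parse_limit would accept the value."""
    try:
        parse_limit(value)
        return True
    except ValueError:
        return False


def list_users_safe(conn, limit):
    """Hardened form: the validated integer is bound as a query parameter, so
    it can never be interpreted as SQL text (SQLite accepts LIMIT ?)."""
    sql = "SELECT name FROM users ORDER BY id LIMIT ?"
    return [row[0] for row in conn.execute(sql, (parse_limit(limit),))]


if __name__ == "__main__":
    conn = build_db()
    print(list_users_vulnerable(conn, "2"))
    print(list_users_vulnerable(conn, hash_oracle("alice", "h1")))  # 3 rows: guess right
    print(list_users_vulnerable(conn, hash_oracle("alice", "zz")))  # 0 rows: guess wrong
    print(list_users_safe(conn, "2"))
    print(is_valid_limit(hash_oracle("alice", "h1")))
```

The oracle needs no stacked queries, which is why an API that accepts only one statement per call still offers no protection: any expression the database will evaluate in a LIMIT position is enough to leak the authentication table bit by bit. Upgrading SQLAlchemy removes the interpolation; the caller-side integer check is what the workaround for still-vulnerable versions has to provide.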