The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex prior to 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote malicious users to read the roles for an arbitrary user or to get, create, or delete arbitrary services.
Vulnerable Product |
---|
openstack keystone 2012.2 |
openstack keystone |