Published: 18/12/2012 Updated: 07/11/2023

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack folsom 2012.2

Synopsis Moderate: openstack-keystone security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated openstack-keystone packages that fix two security issues, multiplebugs, and add enhancements are now available for Red Hat OpenStack FolsomThe Red Hat Security Response Te ...

Keystone would allow unintended access to files over the network ...

CWE-255 https://bugs.launchpad.net/keystone/+bug/1079216 http://www.ubuntu.com/usn/USN-1641-1 http://secunia.com/advisories/51436 http://secunia.com/advisories/51423 https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5 https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681 http://www.openwall.com/lists/oss-security/2012/11/28/5 http://www.openwall.com/lists/oss-security/2012/11/28/6 http://rhn.redhat.com/errata/RHSA-2012-1557.html http://www.securityfocus.com/bid/56727 https://exchange.xforce.ibmcloud.com/vulnerabilities/80370 https://access.redhat.com/errata/RHSA-2012:1557 https://usn.ubuntu.com/1641-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-5563

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect