
CVE-2012-5571

Published: 18/12/2012 Updated: 29/08/2017
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Summary

OpenStack Keystone Essex (2012.1) and Folsom (2012.2) do not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.

Vulnerable Product

openstack folsom 2012.2

openstack essex 2012.1

Vendor Advisories

Keystone would allow unintended access to files over the network ...
Synopsis: Moderate: openstack-keystone security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Essex. The Red Hat Security Response Tea ...
Synopsis: Moderate: openstack-keystone security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Updated openstack-keystone packages that fix two security issues, multiple bugs, and add enhancements are now available for Red Hat OpenStack Folsom. The Red Hat Security Response Te ...