CVE-2012-4456
published 2012-10-09CVE-2012-4456: The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token…
high7.5CVSS 3.1
AVNACLAuNCPIPAP
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2012.1.1-9 (bookworm) | keystone 2012.1.1-9 (bookworm) |
| openstack | keystone | — | — |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 2012.1 < 2012.1.2 | 2012.1.2 |
| openstack | keystone | >= 2012.1 < 2012.1.2 | 2012.1.2 |
CVSS provenance
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH