CVE-2012-4456

Severity: 7.5 HIGH
EPSS: 4.0% (top 11.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published 2012-10-09; latest update 2022-05-14

Description

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services. Both endpoints belong to Keystone's admin API; as the Red Hat advisory title below puts it, the affected release "fails to validate tokens in Admin API", so a caller did not need a valid (let alone admin-role) token for these requests to be served.
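The bug class here is an admin-only handler that answers before the token in X-Auth-Token has been checked. The following Python is an added illustration, not Keystone's code and not the actual fix: it models a token table, a hypothetical assert_admin guard written in the call pattern of Keystone's legacy v2 controllers (an assumption about shape, not a copy), the vulnerable handlers for OS-KSADM/services and tenant user roles beside the guarded versions, and a probe that reports which callers reach which endpoint. All token IDs, service IDs, tenant/user names and function names are constructed for the example.

```python
"""Model of the missing X-Auth-Token check behind CVE-2012-4456 (added example).

Not Keystone's code. The token table, IDs and the assert_admin guard are
constructed for illustration; only the pattern (admin handlers that must
validate the token before serving) reflects the advisory.
"""
import time

# Constructed token backend: token id -> holder, roles, expiry (hypothetical data).
NOW = time.time()
TOKENS = {
    "tok-admin":   {"user": "admin", "roles": ["admin"],  "expires": NOW + 3600},
    "tok-member":  {"user": "bob",   "roles": ["member"], "expires": NOW + 3600},
    "tok-expired": {"user": "admin", "roles": ["admin"],  "expires": NOW - 1},
}
SERVICES = {"svc-1": {"name": "keystone", "type": "identity"}}
USER_ROLES = {("tenant-1", "alice"): ["admin"], ("tenant-1", "bob"): ["member"]}


class Unauthorized(Exception):
    """Maps to HTTP 401: token missing, unknown or expired."""


class Forbidden(Exception):
    """Maps to HTTP 403: token valid but the caller lacks the admin role."""


def assert_admin(context):
    """Validate the X-Auth-Token carried in the request context and require admin.

    Hypothetical guard modelled on the check an admin-only v2 handler is
    expected to make before doing anything else.
    """
    token = TOKENS.get(context.get("token_id"))
    if token is None or token["expires"] < time.time():
        raise Unauthorized("invalid or expired X-Auth-Token")
    if "admin" not in token["roles"]:
        raise Forbidden("admin role required")
    return token


class VulnerableAdminApi:
    """Shape of the flaw: handlers return data without consulting the token."""

    def __init__(self):
        self.services = dict(SERVICES)

    def get_services(self, context):
        return dict(self.services)

    def create_service(self, context, service_id, body):
        self.services[service_id] = dict(body)
        return self.services[service_id]

    def delete_service(self, context, service_id):
        return self.services.pop(service_id)

    def get_user_roles(self, context, tenant_id, user_id):
        return list(USER_ROLES.get((tenant_id, user_id), []))


class FixedAdminApi(VulnerableAdminApi):
    """Same handlers, with the token/role check as the first statement of each."""

    def get_services(self, context):
        assert_admin(context)
        return super().get_services(context)

    def create_service(self, context, service_id, body):
        assert_admin(context)
        return super().create_service(context, service_id, body)

    def delete_service(self, context, service_id):
        assert_admin(context)
        return super().delete_service(context, service_id)

    def get_user_roles(self, context, tenant_id, user_id):
        assert_admin(context)
        return super().get_user_roles(context, tenant_id, user_id)


# Constructed callers: request contexts as an attacker or a legitimate admin would send them.
CALLERS = {
    "no_token": {},
    "bogus_token": {"token_id": "tok-does-not-exist"},
    "member_token": {"token_id": "tok-member"},
    "expired_admin": {"token_id": "tok-expired"},
    "admin_token": {"token_id": "tok-admin"},
}

# Endpoint label -> call; create runs before delete so state is restored per caller.
ENDPOINTS = (
    ("GET services", lambda a, c: a.get_services(c)),
    ("POST services", lambda a, c: a.create_service(c, "svc-x", {"name": "x", "type": "x"})),
    ("DELETE services/svc-x", lambda a, c: a.delete_service(c, "svc-x")),
    ("GET tenants/tenant-1/users/bob/roles", lambda a, c: a.get_user_roles(c, "tenant-1", "bob")),
)


def probe(api):
    """Exercise every endpoint as every caller; return {caller: {endpoint: http_status}}."""
    results = {}
    for name, ctx in CALLERS.items():
        per_endpoint = {}
        for endpoint, call in ENDPOINTS:
            try:
                call(api, ctx)
                per_endpoint[endpoint] = "200"
            except Unauthorized:
                per_endpoint[endpoint] = "401"
            except Forbidden:
                per_endpoint[endpoint] = "403"
        results[name] = per_endpoint
    return results


def exposed_endpoints(api):
    """Endpoints an unauthenticated caller can reach: the symptom the CVE describes."""
    return sorted(ep for ep, status in probe(api)["no_token"].items() if status == "200")


if __name__ == "__main__":
    for cls in (VulnerableAdminApi, FixedAdminApi):
        print(cls.__name__, exposed_endpoints(cls()))
```

The same probe idea transfers to a live check against a test deployment: send each admin-API request once with no token, once with a bogus one and once with a non-admin user's token, and treat anything other than 401/403 on those three as the unpatched behaviour.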

CVSS vector

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P (the 7.5 base and 10.0 exploitability subscore require Au:N)
Exploitability subscore: 10.0 | Impact subscore: 6.4

Affected Packages (3 packages)

Source  | Package            | Affected      | Fixed in
NVD     | openstack/keystone | 2012.1        | 2012.1.2 (+1 further range not shown)
PyPI    | keystone           | 2012.1        | 2012.1.2
Debian  | keystone           | < 2012.1.1-9  | (+3 further ranges not shown)

Patches

🔴 Vulnerability Details (4)

GHSA: OpenStack Keystone Improper Authentication vulnerability (2022-05-14)
OSV: OpenStack Keystone Improper Authentication vulnerability (2022-05-14)
OSV: CVE-2012-4456: The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012... (2012-10-09)
CVEList: CVE-2012-4456: The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012... (2012-10-09)

📋 Vendor Advisories (2)

Red Hat: 2012.1.1: fails to validate tokens in Admin API (2012-05-31)
Debian: CVE-2012-4456: keystone - The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before... (2012)

💬 Community (3)

Bugzilla: CVE-2012-4456 CVE-2012-4457 openstack-keystone various flaws [fedora-all] (2012-09-27)
Bugzilla: CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API (2012-09-27)
Bugzilla: CVE-2012-4456 CVE-2012-4457 openstack-keystone various flaws [epel-6] (2012-09-27)
Source: cvebase.io