CVE-2012-4457
published 2012-10-09CVE-2012-4457: OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote…
medium4CVSS 3.1
AVNACLAuSCPINAN
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2012.1.1-9 (bookworm) | keystone 2012.1.1-9 (bookworm) |
| openstack | keystone | — | — |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 2012.1.1-9 | 2012.1.1-9 |
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
| openstack | keystone | >= 2012.1 < 2012.1.2 | 2012.1.2 |
CVSS provenance
nvd4.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
osv4.0MEDIUM