CVE-2012-5483

CWE-2647 documents6 sources
Severity
2.1LOW
EPSS
0.1%
top 70.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Keystone
Timeline
PublishedDec 26
Latest updateMay 17

Description

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDopenstack/keystone2012.1.3

🔴Vulnerability Details

2
GHSA
GHSA-8cx8-xmvm-66wj: tools/sample_data2022-05-17
CVEList
CVE-2012-5483: tools/sample_data2012-12-26

📋Vendor Advisories

2
Red Hat
OpenStack: Keystone /etc/keystone/ec2rc secret key exposure2012-11-13
Debian
CVE-2012-5483: keystone - tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elast...2012

💬Community

2
Bugzilla
CVE-2012-5483 OpenStack: Keystone /etc/keystone/ec2rc secret key exposure [epel-6]2012-11-13
Bugzilla
CVE-2012-5483 OpenStack: Keystone /etc/keystone/ec2rc secret key exposure2012-11-05
CVE-2012-5483 (LOW CVSS 2.1) | tools/sample_data.sh in OpenStack K | cvebase.io