CVE-2012-5571
published 2012-12-18CVE-2012-5571: A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2012.1.1-11 (bookworm) | keystone 2012.1.1-11 (bookworm) |
| openstack | essex | — | — |
| openstack | folsom | — | — |
| openstack | keystone | >= 0 < 2012.1.1-11 | 2012.1.1-11 |
| openstack | keystone | >= 0 < 2012.1.1-11 | 2012.1.1-11 |
| openstack | keystone | >= 0 < 2012.1.1-11 | 2012.1.1-11 |
| openstack | keystone | >= 0 < 2012.1.1-11 | 2012.1.1-11 |
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
osv5.4MEDIUM