CVE-2012-5571
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
Affected Software
| Vendor | Product | Version Range | Status |
|---|
Weaknesses
- CWE-639: Authorization Bypass Through User-Controlled Key
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
- http://rhn.redhat.com/errata/RHSA-2012-1557.html
- http://rhn.redhat.com/errata/RHSA-2012-1556.html
- http://www.openwall.com/lists/oss-security/2012/11/28/5
- http://www.ubuntu.com/usn/USN-1641-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
- https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
- https://bugs.launchpad.net/keystone/+bug/1064914
- http://www.openwall.com/lists/oss-security/2012/11/28/6
- https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
- http://secunia.com/advisories/51423
- http://www.securityfocus.com/bid/56726
- http://secunia.com/advisories/51436
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
- http://rhn.redhat.com/errata/RHSA-2012-1556.html
- http://rhn.redhat.com/errata/RHSA-2012-1557.html
- http://secunia.com/advisories/51423
- http://secunia.com/advisories/51436
- http://www.openwall.com/lists/oss-security/2012/11/28/5
- http://www.openwall.com/lists/oss-security/2012/11/28/6
- http://www.securityfocus.com/bid/56726
- http://www.ubuntu.com/usn/USN-1641-1
- https://access.redhat.com/security/cve/CVE-2012-5571
- https://bugs.launchpad.net/keystone/+bug/1064914
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
- https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
- https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
- https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.