OpenStack · OpenStack Keystone · CVE-2012-4456
**Name of the Vulnerable Software and Affected Versions**
OpenStack Keystone versions prior to 2012.1.2
OpenStack Keystone Folsom versions prior to folsom-2
**Description**
Keystone does not properly validate the `X-Auth-Token` header in the OS-KSADM/services and tenant APIs. A remote attacker can therefore read the roles of any user, or get, create, or delete services without authorization.
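As an added illustration (constructed here, not Keystone's own code), the pattern behind this class of bug: an admin-API handler that reads `X-Auth-Token` but never validates it, beside a hardened version that checks the token exists, has not expired, and carries the admin role before answering. The token store, role assignments and handler names are assumptions for the example.

```python
import time

# Constructed sample token store: token id -> owner, roles, expiry (epoch seconds).
TOKENS = {
    "admin-token":   {"user_id": "alice", "roles": {"admin"},  "expires": time.time() + 3600},
    "member-token":  {"user_id": "bob",   "roles": {"Member"}, "expires": time.time() + 3600},
    "expired-token": {"user_id": "carol", "roles": {"admin"},  "expires": time.time() - 1},
}
# Constructed sample role assignments that the tenant API would expose.
USER_ROLES = {"alice": ["admin"], "bob": ["Member"], "dave": ["Member", "billing"]}

class Unauthorized(Exception):  # 401: token missing, unknown or expired
    pass

class Forbidden(Exception):  # 403: token valid but lacks the admin role
    pass

def vulnerable_get_user_roles(headers, user_id):
    # Reads X-Auth-Token but never checks it: a forged, expired or non-admin
    # token still returns any user's roles.
    _token_id = headers.get("X-Auth-Token")  # read and ignored
    return USER_ROLES.get(user_id, [])

def validate_admin_token(headers):
    # Reject missing, unknown or expired tokens, then require the admin role.
    token_id = headers.get("X-Auth-Token")
    if not token_id:
        raise Unauthorized("missing X-Auth-Token")
    token = TOKENS.get(token_id)
    if token is None or token["expires"] <= time.time():
        raise Unauthorized("invalid or expired token")
    if "admin" not in token["roles"]:
        raise Forbidden("admin role required")
    return token

def hardened_get_user_roles(headers, user_id):
    # Same lookup, performed only after the caller's token has been validated.
    validate_admin_token(headers)
    return USER_ROLES.get(user_id, [])

def outcome(handler, headers, user_id):
    # Run a handler and map the result to an HTTP-style status code.
    try:
        return 200, handler(headers, user_id)
    except Unauthorized:
        return 401, None
    except Forbidden:
        return 403, None
```

The same validation must run on every admin endpoint (services get/create/delete as well as role reads); one unguarded handler is enough to reproduce the exposure.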
**Recommendations**
For OpenStack Keystone versions prior to 2012.1.2, update to version 2012.1.2 or later.
For OpenStack Keystone Folsom versions prior to folsom-2, update to version folsom-2 or later.