PT-2012-4796 · Openstack · Openstack Keystone+1

Dolph Mathews · Published 2012-09-05 · Updated 2023-02-13 · CVE-2012-3542

CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone versions prior to folsom-rc1; OpenStack Essex (2012.1)
Description: The issue allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to the administrative API that updates the user's default tenant.
Recommendations: For OpenStack Keystone versions prior to folsom-rc1, update to folsom-rc1 or later to resolve the issue. For OpenStack Essex (2012.1), consider upgrading to a newer version that is not affected by this issue. As a temporary workaround, consider restricting access to the administrative API to minimize the risk of exploitation.

Fix

Improper Access Control


Weakness Enumeration

Related identifiers

CVE-2012-3542
GHSA-GF2Q-J2QQ-PJF2
PYSEC-2012-19
RHSA-2012:1378

Affected products

Openstack Essex
Openstack Keystone