PT-2012-5412 · Openstack · Openstack Keystone

Jason Xu

Publicado

2012-10-09

Atualizado

2023-02-13

CVE-2012-4456

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 2012.1.2 OpenStack Keystone Folsom versions prior to folsom-2

Description The issue concerns improper validation of the X-Auth-Token in the OS-KSADM/services and tenant APIs. This allows remote attackers to read roles for any user or perform unauthorized actions on services, including getting, creating, or deleting them.

Recommendations For OpenStack Keystone versions prior to 2012.1.2, update to version 2012.1.2 or later. For OpenStack Keystone Folsom versions prior to folsom-2, update to version folsom-2 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2012-4456

GHSA-MF98-R2GF-2X3W

RHSA-2012:1378

Produtos afetados

Openstack Keystone

PT-2012-5412 · Openstack · Openstack Keystone

CVE-2012-4456

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21