CVE-2012-4457

Name of the Vulnerable Software and Affected Versions OpenStack Keystone versions prior to 2012.1.2 OpenStack Keystone Folsom versions prior to folsom-3

Description The issue is related to the improper handling of authorization tokens for disabled tenants. This allows remote authenticated users to access a tenant's resources by requesting a token for the disabled tenant.

Recommendations For OpenStack Keystone Essex versions prior to 2012.1.2, update to version 2012.1.2 or later to resolve the issue. For OpenStack Keystone Folsom versions prior to folsom-3, update to version folsom-3 or later to resolve the issue.