PT-2012-6028 · Openstack · Openstack Keystone

Anndy +1 · Published: 2012-12-18 · Updated: 2023-02-13 · CVE-2012-5563

CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenStack Keystone version 2012.2
Description: The issue is related to the improper implementation of token expiration in OpenStack Keystone, allowing remote authenticated users to bypass intended authorization restrictions. This is achieved by creating new tokens through token chaining.
Recommendations: For OpenStack Keystone version 2012.2, update the token expiration mechanism to prevent token chaining and ensure proper authorization restrictions are enforced.

Fix

Incorrect Authorization

Weakness Enumeration

Related identifiers

CVE-2012-5563
GHSA-W66P-78G4-MR7G
PYSEC-2012-20
RHSA-2012:1557

Affected products

Openstack Keystone