Rohit Karajgi

Researcher from NTT Data
#28623 of 53,633
8.9 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2012-5413
4.0
2012-10-09
Openstack · Openstack Keystone · CVE-2012-4457
**Name of the Vulnerable Software and Affected Versions**

OpenStack Keystone versions prior to 2012.1.2

OpenStack Keystone Folsom versions prior to folsom-3

**Description**

The issue is related to the improper handling of authorization tokens for disabled tenants. This allows remote authenticated users to access a tenant's resources by requesting a token for the disabled tenant.

**Recommendations**

For OpenStack Keystone Essex versions prior to 2012.1.2, update to version 2012.1.2 or later to resolve the issue. For OpenStack Keystone Folsom versions prior to folsom-3, update to version folsom-3 or later to resolve the issue.
PT-2012-2253
4.9
2012-01-13
Openstack · Nova · CVE-2012-0030
**Name of the Vulnerable Software and Affected Versions**

Nova versions 2011.3 and Essex

**Description**

The issue allows remote authenticated users to bypass access restrictions for tenants of other users when using the OpenStack API. This is achieved via an OSAPI request with a modified `project id` URI parameter.

**Recommendations**

For Nova version 2011.3, update to a version that includes the fix for this issue. For Nova version Essex, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the OSAPI endpoint to minimize the risk of exploitation.