PT-2012-5412 · Openstack · Openstack Keystone
Jason Xu
·
Published
2012-10-09
·
Updated
2023-02-13
·
CVE-2012-4456
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenStack Keystone versions prior to 2012.1.2
OpenStack Keystone Folsom versions prior to folsom-2
Description
The issue concerns improper validation of the
X-Auth-Token in the OS-KSADM/services and tenant APIs. This allows remote attackers to read roles for any user or perform unauthorized actions on services, including getting, creating, or deleting them.Recommendations
For OpenStack Keystone versions prior to 2012.1.2, update to version 2012.1.2 or later.
For OpenStack Keystone Folsom versions prior to folsom-2, update to version folsom-2 or later.
Fix
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openstack Keystone