CVE-2012-5563

CVSS v4.0

8.2

High

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Keystone version 2012.2

Description The issue is related to the improper implementation of token expiration in OpenStack Keystone, allowing remote authenticated users to bypass intended authorization restrictions. This is achieved by creating new tokens through token chaining.

Recommendations For OpenStack Keystone version 2012.2, update the token expiration mechanism to prevent token chaining and ensure proper authorization restrictions are enforced.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-324CWE-863CWE-255

Related Identifiers

CVE-2012-5563

GHSA-W66P-78G4-MR7G

PYSEC-2012-20

RHSA-2012:1557

Affected Products

Openstack Keystone

CVE-2012-5563

Weakness Enumeration

Related Identifiers

Affected Products

References · 19