CVE-2012-5571
MEDIUM5.4EPSS 0.15%OpenStack Keystone intended authorization restrictions bypass
發布日:2022/5/17修改日:2026/4/28
描述
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
受影響套件(2)
- Debian/keystonefrom 0, < 2012.1.1-11
- PyPI/keystonefrom 0, < 8.0.0a0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
參考連結(19)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-5571
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-5571
- PATCHhttps://github.com/openstack/keystone
- WEBhttp://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2012-1556.html
- WEBhttp://rhn.redhat.com/errata/RHSA-2012-1557.html
- WEBhttps://access.redhat.com/security/cve/CVE-2012-5571
- WEBhttps://bugs.launchpad.net/keystone/+bug/1064914
- WEBhttp://secunia.com/advisories/51423
- WEBhttp://secunia.com/advisories/51436
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80333
- WEBhttps://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
- WEBhttps://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
- WEBhttps://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-35.yaml
- WEBhttp://www.openwall.com/lists/oss-security/2012/11/28/5
- WEBhttp://www.openwall.com/lists/oss-security/2012/11/28/6
- WEBhttp://www.securityfocus.com/bid/56726
- WEBhttp://www.ubuntu.com/usn/USN-1641-1