4.9

CVE-2012-3426

Exploit

EPSS 0.21%
Published 31.07.2012 10:45:42
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Essex

Openstack ≫ Horizon Versionfolsom-1

Openstack ≫ Keystone Version2012.1

Openstack ≫ Keystone Version2012.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.403

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N

http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa

http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355

Patch

http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626

Patch

Exploit

http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d

http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454

http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de

Patch

Exploit

http://secunia.com/advisories/50045

http://secunia.com/advisories/50494

http://www.openwall.com/lists/oss-security/2012/07/27/4

Patch

http://www.ubuntu.com/usn/USN-1552-1

https://bugs.launchpad.net/keystone/+bug/996595

https://bugs.launchpad.net/keystone/+bug/997194

https://bugs.launchpad.net/keystone/+bug/998185

https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz

Patch

https://nvd.nist.gov/vuln/detail/CVE-2012-3426

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3426

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3426

EUVD