4

CVE-2012-5563

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining.  NOTE: this issue exists because of a CVE-2012-3426 regression.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenstackFolsom Version2012.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.84% 0.848
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2012-1557.html
http://secunia.com/advisories/51423
Vendor Advisory
http://secunia.com/advisories/51436
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/28/5
Patch
http://www.openwall.com/lists/oss-security/2012/11/28/6
Patch
http://www.securityfocus.com/bid/56727
http://www.ubuntu.com/usn/USN-1641-1
https://bugs.launchpad.net/keystone/+bug/1079216
https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681