4

CVE-2012-5563

EPSS 0.1%
Veröffentlicht 18.12.2012 01:55:03
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining.  NOTE: this issue exists because of a CVE-2012-3426 regression.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Folsom Version2012.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.277

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

http://rhn.redhat.com/errata/RHSA-2012-1557.html

http://secunia.com/advisories/51423

Vendor Advisory

http://secunia.com/advisories/51436

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/11/28/5

Patch

http://www.openwall.com/lists/oss-security/2012/11/28/6

Patch

http://www.securityfocus.com/bid/56727

http://www.ubuntu.com/usn/USN-1641-1

https://bugs.launchpad.net/keystone/+bug/1079216

https://exchange.xforce.ibmcloud.com/vulnerabilities/80370

https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5

https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

https://nvd.nist.gov/vuln/detail/CVE-2012-5563

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-5563

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-5563

EUVD