CVE-2012-5571

EPSS 0.15%
Veröffentlicht 18.12.2012 01:55:03
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 18

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Essex Version2012.1

Openstack ≫ Folsom Version2012.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.359

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secalert@redhat.com	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

http://rhn.redhat.com/errata/RHSA-2012-1557.html

http://secunia.com/advisories/51423

Vendor Advisory

http://secunia.com/advisories/51436

Vendor Advisory

http://www.openwall.com/lists/oss-security/2012/11/28/5

Patch

http://www.openwall.com/lists/oss-security/2012/11/28/6

Patch

http://www.ubuntu.com/usn/USN-1641-1

http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html

http://rhn.redhat.com/errata/RHSA-2012-1556.html