CVE-2012-5571

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
openstackessex
2012.1
openstackfolsom
2012.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
keystone
bookworm
2:22.0.0-2
fixed
bullseye
2:18.0.0-3+deb11u1
fixed
sid
2:26.0.0-1
fixed
trixie
2:26.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
keystone
hardy
dne
lucid
dne
oneiric
ignored
precise
Fixed 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3
released
quantal
Fixed 2012.2-0ubuntu1.2
released
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
http://rhn.redhat.com/errata/RHSA-2012-1556.html
http://rhn.redhat.com/errata/RHSA-2012-1557.html
http://secunia.com/advisories/51423
http://secunia.com/advisories/51436
http://www.openwall.com/lists/oss-security/2012/11/28/5
http://www.openwall.com/lists/oss-security/2012/11/28/6
http://www.securityfocus.com/bid/56726
http://www.ubuntu.com/usn/USN-1641-1
https://access.redhat.com/security/cve/CVE-2012-5571
https://bugs.launchpad.net/keystone/+bug/1064914
https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
http://rhn.redhat.com/errata/RHSA-2012-1556.html
http://rhn.redhat.com/errata/RHSA-2012-1557.html
http://secunia.com/advisories/51423
http://secunia.com/advisories/51436
http://www.openwall.com/lists/oss-security/2012/11/28/5
http://www.openwall.com/lists/oss-security/2012/11/28/6
http://www.securityfocus.com/bid/56726
http://www.ubuntu.com/usn/USN-1641-1
https://bugs.launchpad.net/keystone/+bug/1064914
https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653