Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2012-5571HistoryDec 18, 2012 - 1:55 a.m.
CVE-2012-5571
2012-12-1801:55:03
Debian Security Bug Tracker
security-tracker.debian.org
15
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
0.003
Percentile
66.2%
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | keystone | < 2012.1.1-11 | keystone_2012.1.1-11_all.deb |
| Debian | 11 | all | keystone | < 2012.1.1-11 | keystone_2012.1.1-11_all.deb |
| Debian | 999 | all | keystone | < 2012.1.1-11 | keystone_2012.1.1-11_all.deb |
| Debian | 13 | all | keystone | < 2012.1.1-11 | keystone_2012.1.1-11_all.deb |
Related
nvd
nvd
CVE-2012-5571
2012-12-18 01:55:03
osv
osv
OpenStack Keystone intended authorization restrictions bypass
2022-05-17 01:39:21
prion
prion
Authorization
2012-12-18 01:55:00
github
github
OpenStack Keystone intended authorization restrictions bypass
2022-05-17 01:39:21
cve
cve
CVE-2012-5571
2012-12-18 01:55:03
ubuntucve
ubuntucve
CVE-2012-5571
2012-11-28 00:00:00
cvelist
cvelist
CVE-2012-5571
2012-12-18 01:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:41:56
redhat
redhat
nessus
nessus
Fedora 18 : openstack-keystone-2012.2.1-1.fc18 (2012-19584)
2012-12-11 00:00:00
Fedora 17 : openstack-keystone-2012.1.3-3.fc17 (2012-19341)
2012-12-11 00:00:00
RHEL 6 : openstack-keystone (RHSA-2012:1556)
2024-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.1-1.fc18
2012-12-11 05:57:09
[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.3-3.fc17
2012-12-11 01:27:24
securityvulns
securityvulns
[USN-1641-1] OpenStack Keystone vulnerabilities
2012-12-10 00:00:00
OpenStack security vulnerabilities
2012-12-10 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1641-1)
2012-11-29 00:00:00
Ubuntu Update for keystone USN-1641-1
2012-11-29 00:00:00
Fedora Update for openstack-keystone FEDORA-2012-19341
2012-12-11 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2012-11-28 00:00:00
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
0.003
Percentile
66.2%
Related for DEBIANCVE:CVE-2012-5571