Lucene search

K

PRIOn knowledge basePRION:CVE-2012-5563

HistoryDec 18, 2012 - 1:55 a.m.

Authorization

2012-12-1801:55:00

PRIOn knowledge base

www.prio-n.com

4

6.3 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.4%

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

CPENameOperatorVersion
folsomeq2012.2

References

rhn.redhat.com/errata/RHSA-2012-1557.html

secunia.com/advisories/51423

secunia.com/advisories/51436

www.openwall.com/lists/oss-security/2012/11/28/5

www.openwall.com/lists/oss-security/2012/11/28/6

www.securityfocus.com/bid/56727

www.ubuntu.com/usn/USN-1641-1

bugs.launchpad.net/keystone/+bug/1079216

exchange.xforce.ibmcloud.com/vulnerabilities/80370

github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5

github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

6.3 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

57.4%

Related for PRION:CVE-2012-5563

ubuntucve2 github2 osv2 debiancve2 cve2 cvelist2 securityvulns4 openvas8 nessus3 ubuntu2 veracode1 prion1 fedora3 redhat1