2 matches found
CVE-2012-3426
OpenStack Keystone before version 2012.1.1 (as used in Folsom before Folsom-1 and Essex) does not properly enforce token expiration, allowing remote authenticated users to bypass authorization by: (1) chaining tokens to create new ones, (2) using a token from a disabled account, or (3) using a to...
CVE-2012-0030
CVE-2012-0030 affects Nova 2011.3 and Essex when using the OpenStack API, allowing remote authenticated users to bypass tenant access restrictions via a modified project_id in an OSAPI request. Root cause: insufficient validation of project_id in OSAPI calls. A fix is available in OpenStack Nova ...