Lucene search
UbuntuUSN-1641-1HistoryNov 28, 2012 - 12:00 a.m.
OpenStack Keystone vulnerabilities
2012-11-2800:00:00
ubuntu.com
32
Releases
- Ubuntu 12.10
- Ubuntu 12.04
Packages
- keystone - OpenStack identity service
Details
Vijaya Erukala discovered that Keystone did not properly invalidate
EC2-style credentials such that if credentials were removed from a tenant,
an authenticated and authorized user using those credentials may still be
allowed access beyond the account owner’s expectations. (CVE-2012-5571)
It was discovered that Keystone did not properly implement token
expiration. A remote attacker could use this to continue to access an
account that is disabled or has a changed password. This issue was
previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10.
(CVE-2012-5563)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 12.10 | noarch | python-keystone | < 2012.2-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | keystone | < 2012.2-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.10 | noarch | keystone-doc | < 2012.2-0ubuntu1.2 | UNKNOWN |
| Ubuntu | 12.04 | noarch | python-keystone | < 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3 | UNKNOWN |
| Ubuntu | 12.04 | noarch | keystone | < 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3 | UNKNOWN |
| Ubuntu | 12.04 | noarch | keystone-doc | < 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3 | UNKNOWN |
Related
securityvulns
securityvulns
[USN-1641-1] OpenStack Keystone vulnerabilities
2012-12-10 00:00:00
OpenStack security vulnerabilities
2012-12-10 00:00:00
OpenStack Keystone limitations bypass
2012-09-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1641-1)
2012-11-29 00:00:00
Ubuntu Update for keystone USN-1641-1
2012-11-29 00:00:00
Fedora Update for openstack-keystone FEDORA-2012-19341
2012-12-11 00:00:00
nessus
nessus
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1641-1)
2012-11-29 00:00:00
Fedora 18 : openstack-keystone-2012.2.1-1.fc18 (2012-19584)
2012-12-11 00:00:00
RHEL 6 : openstack-keystone (RHSA-2012:1556)
2024-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.1-1.fc18
2012-12-11 05:57:09
[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.3-3.fc17
2012-12-11 01:27:24
[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.2-4.fc17
2012-10-03 23:54:46
redhat
redhat
ubuntucve
ubuntucve
github
github
OpenStack Keystone Insufficient token expiration
2022-05-17 01:39:21
OpenStack Keystone intended authorization restrictions bypass
2022-05-17 01:39:21
OpenStack Keystone token expiration issues
2022-05-17 05:23:24
osv
osv
OpenStack Keystone Insufficient token expiration
2022-05-17 01:39:21
OpenStack Keystone intended authorization restrictions bypass
2022-05-17 01:39:21
OpenStack Keystone token expiration issues
2022-05-17 05:23:24
prion
prion
debiancve
debiancve
cve
cve
cvelist
cvelist
veracode
veracode
Authentication Bypass
2019-01-15 08:51:20
Privilege Escalation
2019-05-02 04:41:56
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2012-09-03 00:00:00