CVE-2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*

History

No history.

Information

Published : 2012-10-09 15:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-4457

Mitre link : CVE-2012-4457

CVE.ORG link : CVE-2012-4457


JSON object : View

Products Affected

openstack

  • keystone
CWE
CWE-287

Improper Authentication