CVE-2012-5571

OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2012-12-18 01:55

Updated : 2024-02-28 12:00


NVD link : CVE-2012-5571

Mitre link : CVE-2012-5571

CVE.ORG link : CVE-2012-5571


JSON object : View

Products Affected

openstack

  • folsom
  • essex
CWE
CWE-255

Credentials Management Errors