cvelistv5 - cve-2012-4457

CVE-2012-4457 (GCVE-0-2012-4457)

Vulnerability from cvelistv5 – Published: 2012-10-09 15:00 – Updated: 2024-08-06 20:35

Summary

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

GHSA-X8H4-XF47-PQC3

Vulnerability from github – Published: 2022-05-14 01:58 – Updated: 2024-01-12 20:20

Summary

OpenStack Keystone Token authorization for a user in a disabled tenant is allowed

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "Keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.0.0a0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-4457"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T20:20:44Z",
    "nvd_published_at": "2012-10-09T15:55:00Z",
    "severity": "MODERATE"
  },
  "details": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant.",
  "id": "GHSA-x8h4-xf47-pqc3",
  "modified": "2024-01-12T20:20:44Z",
  "published": "2022-05-14T01:58:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4457"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openstack/keystone"
    },
    {
      "type": "WEB",
      "url": "https://lists.launchpad.net/openstack/msg17035.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/50665"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/55716"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "OpenStack Keystone Token authorization for a user in a disabled tenant is allowed"
}

GSD-2012-4457

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-4457

Aliases

CVE-2012-4457

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-4457",
    "description": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant.",
    "id": "GSD-2012-4457",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-4457.html",
      "https://access.redhat.com/errata/RHSA-2012:1378"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-4457"
      ],
      "details": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant.",
      "id": "GSD-2012-4457",
      "modified": "2023-12-13T01:20:14.665501Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2012-4457",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://secunia.com/advisories/50665",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/50665"
          },
          {
            "name": "http://www.securityfocus.com/bid/55716",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/55716"
          },
          {
            "name": "http://www.openwall.com/lists/oss-security/2012/09/28/6",
            "refsource": "MISC",
            "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6"
          },
          {
            "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947",
            "refsource": "MISC",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"
          },
          {
            "name": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685",
            "refsource": "MISC",
            "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"
          },
          {
            "name": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5",
            "refsource": "MISC",
            "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"
          },
          {
            "name": "https://lists.launchpad.net/openstack/msg17035.html",
            "refsource": "MISC",
            "url": "https://lists.launchpad.net/openstack/msg17035.html"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861180",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2012.1.2",
                "versionStartIncluding": "2012.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-4457"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "55716",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/55716"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861180",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
            },
            {
              "name": "[oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6"
            },
            {
              "name": "[openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.launchpad.net/openstack/msg17035.html"
            },
            {
              "name": "50665",
              "refsource": "SECUNIA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://secunia.com/advisories/50665"
            },
            {
              "name": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"
            },
            {
              "name": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"
            },
            {
              "name": "keystone-xauth-token-sec-bypass(78947)",
              "refsource": "XF",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-11-16T14:01Z",
      "publishedDate": "2012-10-09T15:55Z"
    }
  }
}

RHSA-2012:1378

Vulnerability from csaf_redhat - Published: 2012-10-16 17:17 - Updated: 2025-11-21 17:41

Summary

Red Hat Security Advisory: openstack-keystone security update

Notes

Topic

Updated openstack-keystone packages that fix multiple security issues are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Keystone is a Python implementation of the OpenStack (http://www.openstack.org) identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a not authorized error; however, the client was still added to the tenant. Users able to access the Keystone administrative API could use this flaw to add any user to any tenant. (CVE-2012-3542) When logging into Keystone, the user receives a token to use for authentication with other services managed by Keystone. It was found that Keystone failed to revoke tokens if privileges were revoked, allowing users to retain access to resources they should no longer be able to access while their token remains valid. (CVE-2012-4413) It was found that the Keystone administrative API was missing authentication for certain actions. Users able to access the Keystone administrative API could use this flaw to add, start, and stop services, as well as list the roles for any user. (CVE-2012-4456) It was found that Keystone incorrectly handled disabled tenants. A user belonging to a disabled tenant could use this flaw to continue accessing resources as if the tenant were not disabled. (CVE-2012-4457) Red Hat would like to thank Dolph Mathews for reporting CVE-2012-3542 and CVE-2012-4413. All users of openstack-keystone are advised to upgrade to these updated packages, which upgrade openstack-keystone to upstream version 2012.1.2 and correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openstack-keystone packages that fix multiple security issues are\nnow available for Red Hat OpenStack Essex.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nIt was found that Keystone incorrectly handled authorization failures. If\na client attempted to change their tenant membership to one they are not\nauthorized to join, Keystone correctly returned a not authorized error;\nhowever, the client was still added to the tenant. Users able to access the\nKeystone administrative API could use this flaw to add any user to any\ntenant. (CVE-2012-3542)\n\nWhen logging into Keystone, the user receives a token to use for\nauthentication with other services managed by Keystone. It was found that\nKeystone failed to revoke tokens if privileges were revoked, allowing users\nto retain access to resources they should no longer be able to access while\ntheir token remains valid. (CVE-2012-4413)\n\nIt was found that the Keystone administrative API was missing\nauthentication for certain actions. Users able to access the Keystone\nadministrative API could use this flaw to add, start, and stop services, as\nwell as list the roles for any user. (CVE-2012-4456)\n\nIt was found that Keystone incorrectly handled disabled tenants. A user\nbelonging to a disabled tenant could use this flaw to continue accessing\nresources as if the tenant were not disabled. (CVE-2012-4457)\n\nRed Hat would like to thank Dolph Mathews for reporting CVE-2012-3542 and\nCVE-2012-4413.\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which upgrade openstack-keystone to upstream version 2012.1.2\nand correct these issues. After installing the updated packages, the\nKeystone service (openstack-keystone) will be restarted automatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2012:1378",
        "url": "https://access.redhat.com/errata/RHSA-2012:1378"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "852510",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852510"
      },
      {
        "category": "external",
        "summary": "855491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855491"
      },
      {
        "category": "external",
        "summary": "861179",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
      },
      {
        "category": "external",
        "summary": "861180",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1378.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-keystone security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:41:29+00:00",
      "generator": {
        "date": "2025-11-21T17:41:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2012:1378",
      "initial_release_date": "2012-10-16T17:17:00+00:00",
      "revision_history": [
        {
          "date": "2012-10-16T17:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2012-10-16T17:24:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:41:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHOS Essex Release",
                "product": {
                  "name": "RHOS Essex Release",
                  "product_id": "6Server-Essex",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-keystone-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "python-keystone-0:2012.1.2-4.el6.noarch",
                  "product_id": "python-keystone-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-keystone@2012.1.2-4.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
                  "product_id": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone-doc@2012.1.2-4.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "openstack-keystone-0:2012.1.2-4.el6.noarch",
                  "product_id": "openstack-keystone-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2012.1.2-4.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
                  "product_id": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-keystone-auth-token@2012.1.2-4.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2012.1.2-4.el6.src",
                "product": {
                  "name": "openstack-keystone-0:2012.1.2-4.el6.src",
                  "product_id": "openstack-keystone-0:2012.1.2-4.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2012.1.2-4.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "openstack-keystone-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2012.1.2-4.el6.src as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src"
        },
        "product_reference": "openstack-keystone-0:2012.1.2-4.el6.src",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "python-keystone-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Dolph Mathews"
          ]
        }
      ],
      "cve": "CVE-2012-3542",
      "discovery_date": "2012-08-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "852510"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API.  NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Keystone: Lack of authorization for adding users to tenants",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-3542"
        },
        {
          "category": "external",
          "summary": "RHBZ#852510",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852510"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-3542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3542"
        }
      ],
      "release_date": "2012-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Keystone: Lack of authorization for adding users to tenants"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Dolph Mathews"
          ]
        }
      ],
      "cve": "CVE-2012-4413",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2012-09-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "855491"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenStack-Keystone: role revocation token issues",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4413"
        },
        {
          "category": "external",
          "summary": "RHBZ#855491",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855491"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4413"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4413",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4413"
        }
      ],
      "release_date": "2012-09-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenStack-Keystone: role revocation token issues"
    },
    {
      "cve": "CVE-2012-4456",
      "cwe": {
        "id": "CWE-304",
        "name": "Missing Critical Step in Authentication"
      },
      "discovery_date": "2012-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "861179"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "2012.1.1: fails to validate tokens in Admin API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4456"
        },
        {
          "category": "external",
          "summary": "RHBZ#861179",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4456"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4456",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4456"
        }
      ],
      "release_date": "2012-05-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "2012.1.1: fails to validate tokens in Admin API"
    },
    {
      "cve": "CVE-2012-4457",
      "discovery_date": "2012-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "861180"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "2012.1.1: fails to raise Unauthorized user error for disabled tenant",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4457"
        },
        {
          "category": "external",
          "summary": "RHBZ#861180",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4457"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4457",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4457"
        }
      ],
      "release_date": "2012-05-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "2012.1.1: fails to raise Unauthorized user error for disabled tenant"
    }
  ]
}

RHSA-2012_1378

Vulnerability from csaf_redhat - Published: 2012-10-16 17:17 - Updated: 2024-11-22 05:46

Summary

Red Hat Security Advisory: openstack-keystone security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openstack-keystone packages that fix multiple security issues are\nnow available for Red Hat OpenStack Essex.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Keystone is a Python implementation of the OpenStack\n(http://www.openstack.org) identity service API.\n\nIt was found that Keystone incorrectly handled authorization failures. If\na client attempted to change their tenant membership to one they are not\nauthorized to join, Keystone correctly returned a not authorized error;\nhowever, the client was still added to the tenant. Users able to access the\nKeystone administrative API could use this flaw to add any user to any\ntenant. (CVE-2012-3542)\n\nWhen logging into Keystone, the user receives a token to use for\nauthentication with other services managed by Keystone. It was found that\nKeystone failed to revoke tokens if privileges were revoked, allowing users\nto retain access to resources they should no longer be able to access while\ntheir token remains valid. (CVE-2012-4413)\n\nIt was found that the Keystone administrative API was missing\nauthentication for certain actions. Users able to access the Keystone\nadministrative API could use this flaw to add, start, and stop services, as\nwell as list the roles for any user. (CVE-2012-4456)\n\nIt was found that Keystone incorrectly handled disabled tenants. A user\nbelonging to a disabled tenant could use this flaw to continue accessing\nresources as if the tenant were not disabled. (CVE-2012-4457)\n\nRed Hat would like to thank Dolph Mathews for reporting CVE-2012-3542 and\nCVE-2012-4413.\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which upgrade openstack-keystone to upstream version 2012.1.2\nand correct these issues. After installing the updated packages, the\nKeystone service (openstack-keystone) will be restarted automatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2012:1378",
        "url": "https://access.redhat.com/errata/RHSA-2012:1378"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "852510",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852510"
      },
      {
        "category": "external",
        "summary": "855491",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855491"
      },
      {
        "category": "external",
        "summary": "861179",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
      },
      {
        "category": "external",
        "summary": "861180",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1378.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-keystone security update",
    "tracking": {
      "current_release_date": "2024-11-22T05:46:39+00:00",
      "generator": {
        "date": "2024-11-22T05:46:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2012:1378",
      "initial_release_date": "2012-10-16T17:17:00+00:00",
      "revision_history": [
        {
          "date": "2012-10-16T17:17:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2012-10-16T17:24:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T05:46:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHOS Essex Release",
                "product": {
                  "name": "RHOS Essex Release",
                  "product_id": "6Server-Essex",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:1::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-keystone-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "python-keystone-0:2012.1.2-4.el6.noarch",
                  "product_id": "python-keystone-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-keystone@2012.1.2-4.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
                  "product_id": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone-doc@2012.1.2-4.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "openstack-keystone-0:2012.1.2-4.el6.noarch",
                  "product_id": "openstack-keystone-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2012.1.2-4.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
                "product": {
                  "name": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
                  "product_id": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-keystone-auth-token@2012.1.2-4.el6?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2012.1.2-4.el6.src",
                "product": {
                  "name": "openstack-keystone-0:2012.1.2-4.el6.src",
                  "product_id": "openstack-keystone-0:2012.1.2-4.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2012.1.2-4.el6?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "openstack-keystone-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2012.1.2-4.el6.src as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src"
        },
        "product_reference": "openstack-keystone-0:2012.1.2-4.el6.src",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "python-keystone-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch as a component of RHOS Essex Release",
          "product_id": "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        },
        "product_reference": "python-keystone-auth-token-0:2012.1.2-4.el6.noarch",
        "relates_to_product_reference": "6Server-Essex"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Dolph Mathews"
          ]
        }
      ],
      "cve": "CVE-2012-3542",
      "discovery_date": "2012-08-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "852510"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user\u0027s default tenant to the administrative API.  NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Keystone: Lack of authorization for adding users to tenants",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-3542"
        },
        {
          "category": "external",
          "summary": "RHBZ#852510",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=852510"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-3542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-3542"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-3542",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3542"
        }
      ],
      "release_date": "2012-08-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Keystone: Lack of authorization for adding users to tenants"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Dolph Mathews"
          ]
        }
      ],
      "cve": "CVE-2012-4413",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2012-09-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "855491"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenStack-Keystone: role revocation token issues",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4413"
        },
        {
          "category": "external",
          "summary": "RHBZ#855491",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=855491"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4413",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4413"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4413",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4413"
        }
      ],
      "release_date": "2012-09-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenStack-Keystone: role revocation token issues"
    },
    {
      "cve": "CVE-2012-4456",
      "cwe": {
        "id": "CWE-304",
        "name": "Missing Critical Step in Authentication"
      },
      "discovery_date": "2012-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "861179"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "2012.1.1: fails to validate tokens in Admin API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4456"
        },
        {
          "category": "external",
          "summary": "RHBZ#861179",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4456"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4456",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4456"
        }
      ],
      "release_date": "2012-05-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "2012.1.1: fails to validate tokens in Admin API"
    },
    {
      "cve": "CVE-2012-4457",
      "discovery_date": "2012-09-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "861180"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "2012.1.1: fails to raise Unauthorized user error for disabled tenant",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
          "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
          "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2012-4457"
        },
        {
          "category": "external",
          "summary": "RHBZ#861180",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2012-4457",
          "url": "https://www.cve.org/CVERecord?id=CVE-2012-4457"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-4457",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4457"
        }
      ],
      "release_date": "2012-05-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2012-10-16T17:17:00+00:00",
          "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258",
          "product_ids": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2012:1378"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:openstack-keystone-0:2012.1.2-4.el6.src",
            "6Server-Essex:openstack-keystone-doc-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-0:2012.1.2-4.el6.noarch",
            "6Server-Essex:python-keystone-auth-token-0:2012.1.2-4.el6.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "2012.1.1: fails to raise Unauthorized user error for disabled tenant"
    }
  ]
}

FKIE_CVE-2012-4457

Vulnerability from fkie_nvd - Published: 2012-10-09 15:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://secunia.com/advisories/50665	Third Party Advisory
secalert@redhat.com	http://www.openwall.com/lists/oss-security/2012/09/28/6	Mailing List, Third Party Advisory
secalert@redhat.com	http://www.securityfocus.com/bid/55716	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=861180	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/78947	Third Party Advisory, VDB Entry
secalert@redhat.com	https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685	Third Party Advisory
secalert@redhat.com	https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5	Third Party Advisory
secalert@redhat.com	https://lists.launchpad.net/openstack/msg17035.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/50665	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/09/28/6	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/55716	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=861180	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/78947	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.launchpad.net/openstack/msg17035.html	Third Party Advisory

Impacted products

Vendor	Product	Version
openstack	keystone	*
openstack	keystone	2012.2
openstack	keystone	2012.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C2AEDF-D70D-4AA0-9E4F-A0DEEBDE7AB0",
              "versionEndExcluding": "2012.1.2",
              "versionStartIncluding": "2012.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "F6F8A1A4-0A9E-4741-927C-120BF9151B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "4FC20923-206E-4DD5-8C7C-7C65F068C4D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant\u0027s resources by requesting a token for the tenant."
    },
    {
      "lang": "es",
      "value": "OpenStack Keystone Essex antes de v2012.1.2 y Folsom antes de Folsom-3 no tratan correctamente los tokens de autorizaci\u00f3n para identidades deshabilitadas, lo que permite a usuarios remotos autenticados acceder a los recursos de dicha identidad solicitando un token para el individuo.\r\n"
    }
  ],
  "id": "CVE-2012-4457",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-10-09T15:55:01.237",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/50665"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/55716"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.launchpad.net/openstack/msg17035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/50665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2012/09/28/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/55716"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.launchpad.net/openstack/msg17035.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-4457 (GCVE-0-2012-4457)

GHSA-X8H4-XF47-PQC3

GSD-2012-4457

RHSA-2012:1378

RHSA-2012_1378

FKIE_CVE-2012-4457

Tags

Sightings

Nomenclature