Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2012-5571
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-18 Dec, 2012 | 01:55
Updated At-29 Apr, 2026 | 01:13

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
OpenStack
openstack
>>essex>>2012.1
cpe:2.3:a:openstack:essex:2012.1:*:*:*:*:*:*:*
OpenStack
openstack
>>folsom>>2012.2
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-639Primarysecalert@redhat.com
CWE-255Secondarynvd@nist.gov
CWE ID: CWE-639
Type: Primary
Source: secalert@redhat.com
CWE ID: CWE-255
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1556.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-1557.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/51423secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/51436secalert@redhat.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/28/5secalert@redhat.com
Patch
http://www.openwall.com/lists/oss-security/2012/11/28/6secalert@redhat.com
Patch
http://www.securityfocus.com/bid/56726secalert@redhat.com
N/A
http://www.ubuntu.com/usn/USN-1641-1secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2012-5571secalert@redhat.com
N/A
https://bugs.launchpad.net/keystone/+bug/1064914secalert@redhat.com
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/80333secalert@redhat.com
N/A
https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713bsecalert@redhat.com
Patch
https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19secalert@redhat.com
Patch
https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653secalert@redhat.com
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1556.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-1557.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/51423af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/51436af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/11/28/5af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.openwall.com/lists/oss-security/2012/11/28/6af854a3a-2127-422b-91ae-364da2661108
Patch
http://www.securityfocus.com/bid/56726af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.ubuntu.com/usn/USN-1641-1af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugs.launchpad.net/keystone/+bug/1064914af854a3a-2127-422b-91ae-364da2661108
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/80333af854a3a-2127-422b-91ae-364da2661108
N/A
https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713baf854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19af854a3a-2127-422b-91ae-364da2661108
Patch
https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653af854a3a-2127-422b-91ae-364da2661108
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1556.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1557.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/51423
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/51436
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/11/28/5
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2012/11/28/6
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/56726
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1641-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2012-5571
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/1064914
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1556.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-1557.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/51423
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/51436
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2012/11/28/5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.openwall.com/lists/oss-security/2012/11/28/6
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://www.securityfocus.com/bid/56726
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.ubuntu.com/usn/USN-1641-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugs.launchpad.net/keystone/+bug/1064914
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d1870713b
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfca2a19
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586ad9653
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Change History
0Changes found
Details not found