Authorization Flaw in OpenStack Keystone Allows User Additions
CVE-2012-3542

Currently unrated

Key Information:

Vendor

Openstack
Status
Essex
Horizon
Vendor
CVE Published:
5 September 2012

What is CVE-2012-3542?

The OpenStack Keystone component is vulnerable to a lack of proper authorization that allows remote attackers to manipulate user associations within tenants. Specifically, attackers can exploit this flaw to add arbitrary users to any specified tenant by sending a crafted request to the administrative API to update a user's default tenant. This vulnerability presents significant risks as it enables unauthorized access to tenant resources, potentially leading to data breaches and unauthorized data manipulation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/50467
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/55326
vdb-entryx_refsource_BID
https://lists.launchpad.net/openstack/msg16282.html
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.