CVE-2012-5563

Currently unrated

Key Information:

Vendor: Openstack
Status: Folsom
Vendor: CVE Published:; 18 December 2012

Summary

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

References

http://rhn.redhat.com/errata/RHSA-2012-1557.html

vendor-advisoryx_refsource_REDHAT

http://www.openwall.com/lists/oss-security/2012/11/28/5

mailing-listx_refsource_MLIST

https://github.com/openstack/keystone/commit/38c7e46a640a...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 18, 2012
Vulnerability Reserved
Oct 24, 2012