Authorization Bypass in OpenStack Keystone by Remote Authenticated Users
CVE-2012-5571
Summary
The OpenStack Keystone component in the Essex (2012.1) and Folsom (2012.2) releases contains a flaw in its handling of EC2 tokens. When a user's role is removed from a tenant, Keystone fails to invalidate the tokens associated with that role assignment. A remote authenticated user whose role has been removed can therefore keep using an existing token and retain access to tenant resources they should no longer be permitted to control. Token validation that re-checks current role assignments, together with revocation of outstanding tokens when a role is removed, is critical to maintaining isolation in multi-tenant environments, which is why this weakness should be addressed to prevent unauthorized access.
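The following constructed Python example, which is not Keystone code, illustrates the failure mode described in the summary and the two defensive measures it calls for. A token is bound to a user, a tenant and the roles held at issue time; the flawed validator trusts those cached roles, whereas the corrected validator re-checks live role assignments and a revocation list on every use, and role removal revokes the outstanding tokens for that user and tenant. All class and method names here are assumptions made for the illustration.

```python
"""Role removal vs. token validity: flawed and corrected validators.

Constructed example, not OpenStack Keystone code.
"""
import secrets
import time
from dataclasses import dataclass


@dataclass
class Token:
    token_id: str
    user: str
    tenant: str
    roles: frozenset  # roles captured when the token was issued
    expires_at: float


class RoleStore:
    """Authoritative (user, tenant) -> roles assignments (hypothetical store)."""

    def __init__(self):
        self._assignments = {}

    def grant(self, user, tenant, role):
        self._assignments.setdefault((user, tenant), set()).add(role)

    def revoke(self, user, tenant, role):
        self._assignments.get((user, tenant), set()).discard(role)

    def roles(self, user, tenant):
        return frozenset(self._assignments.get((user, tenant), ()))


class TokenService:
    """Issues tokens and validates them against either cached or live roles."""

    def __init__(self, role_store, ttl=3600):
        self.role_store = role_store
        self.ttl = ttl
        self._tokens = {}
        self._revoked = set()

    def issue(self, user, tenant):
        tok = Token(secrets.token_hex(16), user, tenant,
                    self.role_store.roles(user, tenant), time.time() + self.ttl)
        self._tokens[tok.token_id] = tok
        return tok

    def validate_flawed(self, token_id, required_role):
        """Trusts the roles captured at issue time; never sees the role removal."""
        tok = self._tokens.get(token_id)
        if tok is None or tok.expires_at < time.time():
            return False
        return required_role in tok.roles

    def validate_fixed(self, token_id, required_role):
        """Checks revocation and re-reads the authoritative role assignments."""
        tok = self._tokens.get(token_id)
        if tok is None or token_id in self._revoked or tok.expires_at < time.time():
            return False
        return required_role in self.role_store.roles(tok.user, tok.tenant)

    def remove_role(self, user, tenant, role):
        """Removes the assignment and revokes every token that relied on it."""
        self.role_store.revoke(user, tenant, role)
        for tid, tok in self._tokens.items():
            if tok.user == user and tok.tenant == tenant:
                self._revoked.add(tid)


def demo():
    """Returns validator results before and after a role removal."""
    store = RoleStore()
    store.grant("alice", "tenant-a", "member")
    svc = TokenService(store)
    tok = svc.issue("alice", "tenant-a")
    before = (svc.validate_flawed(tok.token_id, "member"),
              svc.validate_fixed(tok.token_id, "member"))
    svc.remove_role("alice", "tenant-a", "member")
    after = (svc.validate_flawed(tok.token_id, "member"),
             svc.validate_fixed(tok.token_id, "member"))
    return {"before": before, "after": after}


if __name__ == "__main__":
    print(demo())
```

The flawed validator keeps returning True after the role is gone, which is the bypass described above; the corrected one fails closed both because the token was revoked at removal time and because the live role check no longer matches.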