CVE-2012-5483

OpenStack Keystone 2012.1.3 - Info Disclosure

Title source: llm

Description

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

References (5)

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-1556.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/56888

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=873447

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/80612

Scores

EPSS 0.0011

EPSS Percentile 29.3%

Classification

CWE

CWE-264

Status draft

Affected Products (1)

openstack/keystone

Timeline

Published Dec 26, 2012

Tracked Since Feb 18, 2026