CVE-2012-5563

OpenStack Keystone < 8.0.0 - Authenticated Authorization Bypass via Token Chaining


Description

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

References (11)

Core References

Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2012-1557.html
Patch (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/11/28/5
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/56727
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-1641-1
Patch (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/11/28/6
Issue Tracking (x_refsource_confirm): https://bugs.launchpad.net/keystone/+bug/1079216
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/51423
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/51436

Scores

EPSS 0.0039
EPSS Percentile 60.3%

Details

CWE
CWE-255
Status published
Products (2)
openstack/folsom 2012.2
pypi/keystone 0 - 8.0.0 (PyPI)
Published Dec 18, 2012
Tracked Since Feb 18, 2026