CVE-2013-0282

OpenStack Keystone < 2012.1.3, 2012.1.x-2012.2.x, < 2013.1 - Improper Authentication via EC2-Style Authentication

Description

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.

References (7)

Core References
Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/keystone/+bug/1121494
Vendor Advisory x_refsource_confirm
https://review.openstack.org/#/c/22321/
Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/02/19/3
Third Party Advisory x_refsource_confirm
https://launchpad.net/keystone/grizzly/2013.1
Third Party Advisory x_refsource_confirm
https://launchpad.net/keystone/+milestone/2012.2.4
Vendor Advisory x_refsource_confirm
https://review.openstack.org/#/c/22319/
Vendor Advisory x_refsource_confirm
https://review.openstack.org/#/c/22320/

Scores

EPSS 0.0047
EPSS Percentile 64.6%

Details

CWE
CWE-287
Status published
Products (3)
openstack/keystone 2013.1 milestone1 (3 CPE variants)
openstack/keystone 2012.1 - 2012.1.3
pypi/Keystone 0 - 8.0.0a0 (PyPI)
Published Apr 12, 2013
Tracked Since Feb 18, 2026