Required CVE Record Information
Description
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
References 8 Total
- secunia.com: 50665 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=861180
- lists.launchpad.net: [openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) mailing-list
- exchange.xforce.ibmcloud.com: keystone-xauth-token-sec-bypass(78947) vdb-entry
- openwall.com: [oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) mailing-list
- securityfocus.com: 55716 vdb-entry
- https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5
- https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685
This container includes required additional information provided by the CVE Program for this vulnerability.
References 8 Total
- secunia.com: 50665 third-party-advisory x_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=861180 x_transferred
- lists.launchpad.net: [openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) mailing-list x_transferred
- exchange.xforce.ibmcloud.com: keystone-xauth-token-sec-bypass(78947) vdb-entry x_transferred
- openwall.com: [oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457) mailing-list x_transferred
- securityfocus.com: 55716 vdb-entry x_transferred
- https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5 x_transferred
- https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685 x_transferred