Vulnerability Description
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. Keystone accepts an existing token in place of a password when issuing a new token ("token chaining"); in Folsom 2012.2 the new token was stamped with a fresh expiration instead of being bounded by the expiration of the token it was derived from, so a user who re-authenticated shortly before each expiry could hold a valid token indefinitely. NOTE: this issue exists because of a CVE-2012-3426 regression; the Essex-era fix for that CVE covered the same chaining case and was lost in Folsom.
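The following is an added model of the chaining problem, not Keystone's own code. It is a hypothetical token issuer (`TokenService`, `FakeClock`, `chain` and the 24-hour `TOKEN_LIFETIME` are all assumptions made for the illustration) that accepts a valid token in place of a password. With `cap_chained_expiry=False` every chained token receives a fresh expiry, reproducing the Folsom 2012.2 behaviour; with `True` a chained token's expiry is capped at its parent's, which is the property the upstream fix restores. `lifetime_extension` replays a client that renews every 12 hours for a week and reports how far past the original expiry it still holds a valid token.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional

# Assumed lifetime for this model; Keystone's real default is release-specific.
TOKEN_LIFETIME = timedelta(hours=24)


@dataclass
class Token:
    id: str
    user: str
    expires: datetime


class FakeClock:
    """Controllable clock so the chaining sequence can be replayed offline."""

    def __init__(self, start: datetime) -> None:
        self.now = start

    def __call__(self) -> datetime:
        return self.now

    def advance(self, delta: timedelta) -> None:
        self.now += delta


class TokenService:
    """Hypothetical issuer. cap_chained_expiry=False reproduces the Folsom 2012.2
    behaviour; True applies the fix (a chained token inherits its parent's bound)."""

    def __init__(self, clock: Callable[[], datetime], cap_chained_expiry: bool) -> None:
        self.clock = clock
        self.cap_chained_expiry = cap_chained_expiry
        self._tokens: Dict[str, Token] = {}

    def _store(self, user: str, expires: datetime) -> Token:
        tok = Token(secrets.token_hex(16), user, expires)
        self._tokens[tok.id] = tok
        return tok

    def issue_with_password(self, user: str) -> Token:
        # Credential check elided: only the expiry handling matters here.
        return self._store(user, self.clock() + TOKEN_LIFETIME)

    def validate(self, token_id: str) -> Optional[Token]:
        tok = self._tokens.get(token_id)
        if tok is None or tok.expires <= self.clock():
            return None
        return tok

    def issue_with_token(self, token_id: str) -> Optional[Token]:
        """Token chaining: a still-valid token is accepted in place of a password."""
        parent = self.validate(token_id)
        if parent is None:
            return None
        expires = self.clock() + TOKEN_LIFETIME
        if self.cap_chained_expiry:
            # Fix: a child token may never outlive the token it was derived from.
            expires = min(expires, parent.expires)
        return self._store(parent.user, expires)


def chain(service: TokenService, clock: FakeClock, first: Token,
          hops: int, step: timedelta) -> Token:
    """Re-authenticate with the current token every `step`; stop once refused.
    Returns the last token the client managed to obtain."""
    current = first
    for _ in range(hops):
        clock.advance(step)
        nxt = service.issue_with_token(current.id)
        if nxt is None:
            break
        current = nxt
    return current


def lifetime_extension(cap_chained_expiry: bool) -> timedelta:
    """How far beyond the original token's expiry a chaining client still holds
    a valid token after renewing every 12 hours for a week."""
    clock = FakeClock(datetime(2012, 11, 28, tzinfo=timezone.utc))
    svc = TokenService(clock, cap_chained_expiry)
    first = svc.issue_with_password("alice")
    last = chain(svc, clock, first, hops=14, step=timedelta(hours=12))
    return last.expires - first.expires


if __name__ == "__main__":
    print("vulnerable: lifetime extended by", lifetime_extension(False))
    print("fixed:      lifetime extended by", lifetime_extension(True))
```

In the vulnerable configuration the client ends the week holding a token that is good for another 24 hours, a full seven days past the expiry of the token it originally authenticated with; in the fixed configuration the first chained token expires at the same instant as its parent and the second renewal attempt is refused, so the extension is zero. The same bound is what makes disabling a user or rotating a password effective: whatever window the original token had is the longest any descendant can keep.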
CVSS Score
4.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Folsom | 2012.2 |
Related Weaknesses (CWE)
None listed on this page.
References
- http://rhn.redhat.com/errata/RHSA-2012-1557.html
- http://secunia.com/advisories/51423 (Vendor Advisory)
- http://secunia.com/advisories/51436 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/11/28/5 (Patch)
- http://www.openwall.com/lists/oss-security/2012/11/28/6 (Patch)
- http://www.securityfocus.com/bid/56727
- http://www.ubuntu.com/usn/USN-1641-1
- https://bugs.launchpad.net/keystone/+bug/1079216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
- https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081
- https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd34
FAQ
What is CVE-2012-5563?
CVE-2012-5563 is a token-expiration bypass in OpenStack Keystone as shipped in OpenStack Folsom 2012.2, rated 4.0 (MEDIUM). An authenticated user could use a valid token to obtain a new token with a fresh expiration (token chaining) and so keep a token alive indefinitely; it is a regression of the fix for CVE-2012-3426.
How severe is CVE-2012-5563?
CVE-2012-5563 has been rated MEDIUM with a CVSS base score of 4.0/10. Exploitation requires an already authenticated user holding a valid token, which is why the rating is moderate despite the impact on token lifetime enforcement. Only the base score is listed on this page; the full vector is not reproduced here.
Is there a patch for CVE-2012-5563?
Yes. The upstream fix is tracked in Launchpad bug 1079216 and the two openstack/keystone commits listed in the references; Red Hat shipped it in RHSA-2012:1557 and Ubuntu in USN-1641-1. The affected product is OpenStack Folsom 2012.2.