Vulnerability Description
A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
CVSS Score
5.4 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Essex | 2012.1 |
| Openstack | Folsom | 2012.2 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.h
- http://rhn.redhat.com/errata/RHSA-2012-1556.html
- http://rhn.redhat.com/errata/RHSA-2012-1557.html
- http://secunia.com/advisories/51423 (Vendor Advisory)
- http://secunia.com/advisories/51436 (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2012/11/28/5 (Patch)
- http://www.openwall.com/lists/oss-security/2012/11/28/6 (Patch)
- http://www.securityfocus.com/bid/56726
- http://www.ubuntu.com/usn/USN-1641-1
- https://access.redhat.com/security/cve/CVE-2012-5571
- https://bugs.launchpad.net/keystone/+bug/1064914 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80333
- https://github.com/openstack/keystone/commit/37308dd4f3e33f7bd0f71d83fd51734d187 (Patch)
- https://github.com/openstack/keystone/commit/8735009dc5b895db265a1cd573f39f4acfc (Patch)
- https://github.com/openstack/keystone/commit/9d68b40cb9ea818c48152e6c712ff41586a (Patch)
FAQ
What is CVE-2012-5571?
CVE-2012-5571 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A flaw was found in OpenStack Keystone that allows remote authenticated users to bypass intended authorization restrictions, because Keystone does not properly han...
How severe is CVE-2012-5571?
CVE-2012-5571 has been rated MEDIUM with a CVSS base score of 5.4/10.
Is there a patch for CVE-2012-5571?
Yes. The references section above lists the upstream Keystone fix commits and the Launchpad bug, along with vendor advisories from Red Hat (RHSA-2012-1556, RHSA-2012-1557), Ubuntu (USN-1641-1) and Fedora. Affected products include: Openstack Essex (2012.1) and Openstack Folsom (2012.2).