Vulnerability in OpenStack Essex
CVE-2012-3426
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1)…
EPSS: 0.006 (68.7th percentile)
Affected products
- OpenStack Essex
- OpenStack Horizon — versions folsom-1
- OpenStack Keystone — versions 2012.1, 2012.1.1
References
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- 50494 (x_refsource_SECUNIA, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20120727 [OSSA 2012-010] Various Keystone token expiration issues (CVE-2012-3426) (mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (x_refsource_CONFIRM, Exploit, Patch)