Lucene search

K

[email protected]NVD:CVE-2012-3542

HistorySep 05, 2012 - 11:55 p.m.

CVE-2012-3542

2012-09-0523:55:02

CWE-264

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user’s default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

Affected configurations

NVD

Node

openstackessexMatch2012.1

OR

openstackhorizonMatchfolsom-3

References

secunia.com/advisories/50467

secunia.com/advisories/50494

www.openwall.com/lists/oss-security/2012/08/30/6

www.securityfocus.com/bid/55326

www.ubuntu.com/usn/USN-1552-1

bugs.launchpad.net/keystone/+bug/1040626

github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155

github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa

lists.launchpad.net/openstack/msg16282.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.6%

Related for NVD:CVE-2012-3542

cve2 cvelist2 ubuntucve2 debiancve2 nvd1 prion2 github1 veracode5 osv1 nessus5 redhat2 openvas10 securityvulns4 ubuntu2 fedora3