Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-1641-1
HistoryNov 28, 2012 - 12:00 a.m.

OpenStack Keystone vulnerabilities

2012-11-2800:00:00
ubuntu.com
37

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

66.2%

JSON

Releases

  • Ubuntu 12.10
  • Ubuntu 12.04

Packages

  • keystone - OpenStack identity service

Details

Vijaya Erukala discovered that Keystone did not properly invalidate
EC2-style credentials such that if credentials were removed from a tenant,
an authenticated and authorized user using those credentials may still be
allowed access beyond the account owner’s expectations. (CVE-2012-5571)

It was discovered that Keystone did not properly implement token
expiration. A remote attacker could use this to continue to access an
account that is disabled or has a changed password. This issue was
previously fixed as CVE-2012-3426 but was reintroduced in Ubuntu 12.10.
(CVE-2012-5563)

OSVersionArchitecturePackageVersionFilename
Ubuntu12.10noarchpython-keystone< 2012.2-0ubuntu1.2UNKNOWN
Ubuntu12.10noarchkeystone< 2012.2-0ubuntu1.2UNKNOWN
Ubuntu12.10noarchkeystone-doc< 2012.2-0ubuntu1.2UNKNOWN
Ubuntu12.04noarchpython-keystone< 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3UNKNOWN
Ubuntu12.04noarchkeystone< 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3UNKNOWN
Ubuntu12.04noarchkeystone-doc< 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3UNKNOWN

Related

securityvulns 4
openvas 8
nessus 5
redhat 2
fedora 3
ubuntucve 3
github 3
osv 3
cvelist 3
nvd 3
debiancve 3
prion 3
cve 3
veracode 2
ubuntu 1
securityvulns
securityvulns
[USN-1641-1] OpenStack Keystone vulnerabilities
2012-12-10 00:00:00
OpenStack security vulnerabilities
2012-12-10 00:00:00
[USN-1552-1] OpenStack Keystone vulnerabilities
2012-09-03 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1641-1)
2012-11-29 00:00:00
Ubuntu Update for keystone USN-1641-1
2012-11-29 00:00:00
Fedora Update for openstack-keystone FEDORA-2012-19341
2012-12-11 00:00:00
nessus
nessus
Ubuntu 12.04 LTS / 12.10 : keystone vulnerabilities (USN-1641-1)
2012-11-29 00:00:00
Fedora 18 : openstack-keystone-2012.2.1-1.fc18 (2012-19584)
2012-12-11 00:00:00
Fedora 17 : openstack-keystone-2012.1.3-3.fc17 (2012-19341)
2012-12-11 00:00:00
redhat
redhat
(RHSA-2012:1557) Moderate: openstack-keystone security, bug fix, and enhancement update
2012-12-10 00:00:00
(RHSA-2012:1556) Moderate: openstack-keystone security, bug fix, and enhancement update
2012-12-10 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.1-1.fc18
2012-12-11 05:57:09
[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.3-3.fc17
2012-12-11 01:27:24
[SECURITY] Fedora 17 Update: openstack-keystone-2012.1.2-4.fc17
2012-10-03 23:54:46
ubuntucve
ubuntucve
CVE-2012-5563
2012-11-28 00:00:00
CVE-2012-5571
2012-11-28 00:00:00
CVE-2012-3426
2012-07-27 00:00:00
github
github
OpenStack Keystone Insufficient token expiration
2022-05-17 01:39:21
OpenStack Keystone intended authorization restrictions bypass
2022-05-17 01:39:21
OpenStack Keystone token expiration issues
2022-05-17 05:23:24
osv
osv
OpenStack Keystone Insufficient token expiration
2022-05-17 01:39:21
OpenStack Keystone intended authorization restrictions bypass
2022-05-17 01:39:21
OpenStack Keystone token expiration issues
2022-05-17 05:23:24
cvelist
cvelist
CVE-2012-5563
2012-12-18 01:00:00
CVE-2012-5571
2012-12-18 01:00:00
CVE-2012-3426
2012-07-31 10:00:00
nvd
nvd
CVE-2012-5563
2012-12-18 01:55:03
CVE-2012-5571
2012-12-18 01:55:03
CVE-2012-3426
2012-07-31 10:45:42
debiancve
debiancve
CVE-2012-5563
2012-12-18 01:55:03
CVE-2012-5571
2012-12-18 01:55:03
CVE-2012-3426
2012-07-31 10:45:42
prion
prion
Authorization
2012-12-18 01:55:00
Authorization
2012-12-18 01:55:00
Authorization
2012-07-31 10:45:00
cve
cve
CVE-2012-5563
2012-12-18 01:55:03
CVE-2012-5571
2012-12-18 01:55:03
CVE-2012-3426
2012-07-31 10:45:42
veracode
veracode
Authentication Bypass
2019-01-15 08:51:20
Privilege Escalation
2019-05-02 04:41:56
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2012-09-03 00:00:00

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

66.2%

JSON
Related for USN-1641-1
securityvulns4openvas8nessus5redhat2fedora3ubuntucve3github3osv3cvelist3nvd3debiancve3prion3cve3veracode2ubuntu1