
CVE-2012-4456

Impact: Moderate
Public: 2012-05-31
CWE: CWE-862
Bugzilla: 861179: CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API

Details

The MITRE CVE dictionary describes this issue as:

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

Find out more about CVE-2012-4456 from the MITRE CVE dictionary and NIST NVD.
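The defect described above is a missing-authorization check (CWE-862): the affected admin-API handlers read the X-Auth-Token header but never verify it before acting. The following is an added example written for this page, not Keystone's own code; it models the two API families named in the description with a small in-memory router. The route strings, token table, user/role table and service table are constructed sample data. The vulnerable layout applies the admin check per handler and two routes were registered without it; the fixed layout runs the same check once at dispatch, so every admin route fails closed.

```python
"""Added illustration of the CWE-862 pattern behind CVE-2012-4456.
Not Keystone code: routes, stores and token format are simplified assumptions."""

import time


class Unauthorized(Exception):
    """401: token missing, unknown or expired."""


class Forbidden(Exception):
    """403: token valid but without the admin role."""


# Constructed sample state (not real Keystone data).
NOW = time.time()
TOKENS = {
    "admin-token": {"user": "admin", "roles": {"admin"}, "expires": NOW + 3600},
    "member-token": {"user": "alice", "roles": {"member"}, "expires": NOW + 3600},
    "stale-token": {"user": "admin", "roles": {"admin"}, "expires": NOW - 1},
}
USER_ROLES = {"alice": ["member"], "admin": ["admin"]}


def validate_admin_token(headers):
    """Fail closed: caller must present a known, unexpired token carrying the admin role."""
    token = headers.get("X-Auth-Token")
    if not token or token not in TOKENS:
        raise Unauthorized("missing or unknown X-Auth-Token")
    record = TOKENS[token]
    if record["expires"] <= time.time():
        raise Unauthorized("expired X-Auth-Token")
    if "admin" not in record["roles"]:
        raise Forbidden("admin role required")
    return record


# Handlers for the two API families in the CVE text. The service table is
# passed in so each call can start from fresh state.
def get_user_roles(headers, services, user_id):
    return 200, {"roles": USER_ROLES.get(user_id, [])}


def create_service(headers, services, service_id, body):
    services[service_id] = body
    return 201, services[service_id]


def delete_service(headers, services, service_id):
    if service_id not in services:
        return 404, None
    del services[service_id]
    return 204, None


def admin_required(handler):
    """Per-handler check: correct where applied, but easy to omit on a new route."""
    def wrapped(headers, services, *args):
        validate_admin_token(headers)
        return handler(headers, services, *args)
    return wrapped


# Vulnerable layout: authorization is opt-in per route; two routes lack it,
# so an unauthenticated caller can read roles and create services.
VULNERABLE_ROUTES = {
    "GET /tenants/{tid}/users/{uid}/roles": get_user_roles,
    "POST /OS-KSADM/services": create_service,
    "DELETE /OS-KSADM/services/{sid}": admin_required(delete_service),
}

# Fixed layout: same handlers, but the check is enforced at dispatch for every
# admin route, so no single route can be registered without it.
FIXED_ROUTES = {
    "GET /tenants/{tid}/users/{uid}/roles": get_user_roles,
    "POST /OS-KSADM/services": create_service,
    "DELETE /OS-KSADM/services/{sid}": delete_service,
}


def dispatch(routes, enforce_at_dispatch, route, headers, services, *args):
    """Return an HTTP-style (status, body) pair instead of raising."""
    try:
        if enforce_at_dispatch:
            validate_admin_token(headers)
        return routes[route](headers, services, *args)
    except Unauthorized:
        return 401, None
    except Forbidden:
        return 403, None


def vulnerable_call(route, headers, services, *args):
    return dispatch(VULNERABLE_ROUTES, False, route, headers, services, *args)


def fixed_call(route, headers, services, *args):
    return dispatch(FIXED_ROUTES, True, route, headers, services, *args)


if __name__ == "__main__":
    svcs = {"svc-1": {"name": "keystone", "type": "identity"}}
    # No token at all: the vulnerable API still returns alice's roles.
    print(vulnerable_call("GET /tenants/{tid}/users/{uid}/roles", {}, svcs, "alice"))
    # The fixed API refuses the same request with 401.
    print(fixed_call("GET /tenants/{tid}/users/{uid}/roles", {}, svcs, "alice"))
```

The practical check this suggests for any admin-style API: send each admin request with no X-Auth-Token, with an expired token, and with a non-admin token, and confirm all three are rejected before any state changes. Enforcing the check at the dispatcher rather than per handler is what makes that property hold for routes added later.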

CVSS v2 metrics

Base Score: 7.5
Base Metrics: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform                                  Errata           Release Date
RHOS Essex Release (openstack-keystone)   RHSA-2012:1378   October 16, 2012

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.