CVE-2012-5563 – keystone

Package

Manager: pip
Name: keystone
Vulnerable Version: >=0 <8.0.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00097 pctl0.27721

Details

OpenStack Keystone Insufficient token expiration OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Metadata

Created: 2022-05-17T01:39:21Z
Modified: 2024-09-27T18:07:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w66p-78g4-mr7g/GHSA-w66p-78g4-mr7g.json
CWE IDs: ["CWE-324", "CWE-863"]
Alternative ID: GHSA-w66p-78g4-mr7g
Finding: F076
Auto approve: 1