NVD

Id
45840  
Name
CVE-2012-4457  
Description
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant"s resources by requesting a token for the tenant.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2012-10-09  
Modified Date
2013-01-30  
Seq
2012-4457  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
230166 45840 CVE-2012-4457 [oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)  View
230167 45840 CVE-2012-4457 55716  View
230168 45840 CVE-2012-4457 keystone-xauth-token-sec-bypass(78947)  View
230169 45840 CVE-2012-4457 https://bugzilla.redhat.com/show_bug.cgi?id=861180  View
230170 45840 CVE-2012-4457 https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685  View
230171 45840 CVE-2012-4457 https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5  View
230172 45840 CVE-2012-4457 [openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29157 JVNDB-2012-004864 OpenStack Keystone におけるテナントのリソースにアクセスされる脆弱性 OpenStack Keystone は、無効なテナントに対する認証トークンを適切に処理しないため、テナントのリソースにアクセスされる脆弱性が存在します。 CVE-2012-4457 57695 CVE-2012-4457 45840 4 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-004864.html 2012-09-28 2012-10-12 View