Launchpad CVE tracker

CVE 2012-4457

OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

Related bugs and status

CVE-2012-4457 (Candidate) is related to these bugs:

Bug #988920: [OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error

		In	Importance	Status
988920	[OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error	OpenStack Identity (keystone)	Medium	Fix Released
988920	[OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error	OpenStack Identity (keystone) essex	Medium	Fix Released
988920	[OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error	keystone (Ubuntu)	Undecided	Fix Released
988920	[OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error	keystone (Ubuntu Precise)	Undecided	Fix Released
988920	[OSSA 2012-016]Token authentication for a user in a disabled tenant does not raise Unauthorized error	OpenStack Security Advisory	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2012-4457

References