CVE-2012-5563
First published: Tue Dec 18 2012(Updated: )
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Folsom | =2012.2 | |
| pip/keystone | <8.0.0 | 8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2012-1557.html
- http://secunia.com/advisories/51423
- http://secunia.com/advisories/51436
- http://www.openwall.com/lists/oss-security/2012/11/28/5
- http://www.openwall.com/lists/oss-security/2012/11/28/6
- http://www.securityfocus.com/bid/56727
- http://www.ubuntu.com/usn/USN-1641-1
- https://bugs.launchpad.net/keystone/+bug/1079216
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80370
- https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
- https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681
- https://nvd.nist.gov/vuln/detail/CVE-2012-5563
- https://web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml
- https://web.archive.org/web/20121201003009/http://secunia.com/advisories/51423
- https://web.archive.org/web/20140802122732/http://secunia.com/advisories/51436
- https://github.com/advisories/GHSA-w66p-78g4-mr7g (Advisory)
Frequently Asked Questions
What is the severity of CVE-2012-5563?
CVE-2012-5563 is considered a high severity vulnerability due to its potential to allow unauthorized access through token chaining.
How do I fix CVE-2012-5563?
To fix CVE-2012-5563, upgrade OpenStack Keystone to version 8.0.0 or later.
Who is affected by CVE-2012-5563?
CVE-2012-5563 affects users running OpenStack Folsom version 2012.2 and earlier versions of Keystone.
What can happen if CVE-2012-5563 is exploited?
Exploiting CVE-2012-5563 allows remote authenticated users to bypass authorization restrictions, potentially leading to unauthorized data access.
Is CVE-2012-5563 a known issue in OpenStack?
Yes, CVE-2012-5563 is recognized as a vulnerability in OpenStack Keystone, linked to a regression in CVE-2012-3426.
- collector/nvd-index
- agent/author
- agent/type
- agent/description
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/event
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-w66p-78g4-mr7g
- alias/CVE-2012-5563
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/last-modified-date
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/trending
- agent/tags
- agent/source
- vendor/openstack
- canonical/openstack folsom
- version/openstack folsom/2012.2
- package-manager/pip