PublicDateAtUSN: 2012-08-30
Candidate: CVE-2012-3542
PublicDate: 2012-09-05 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3542
 http://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155
 https://lists.launchpad.net/openstack/msg16282.html
 https://ubuntu.com/security/notices/USN-1552-1
Description:
 OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and
 OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user
 to an arbitrary tenant via a request to update the user's default tenant to
 the administrative API. NOTE: this identifier was originally incorrectly
 assigned to an open redirect issue, but the correct identifier for that
 issue is CVE-2012-3540.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/keystone/+bug/1040626
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_keystone:
upstream_keystone: released
hardy_keystone: DNE
lucid_keystone: DNE
natty_keystone: DNE
oneiric_keystone: not-affected (different code)
precise_keystone: released (2012.1+stable~20120824-a16a0ab9-0ubuntu2.1)
devel_keystone: not-affected (2012.2~rc1~20120906.2517-0ubuntu2)