PublicDateAtUSN: 2012-11-28 15:00:00 UTC
Candidate: CVE-2012-5571
CRD: 2012-11-28 15:00:00 UTC
PublicDate: 2012-12-18 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5571
 https://lists.launchpad.net/openstack/msg18999.html
 https://ubuntu.com/security/notices/USN-1641-1
Description:
 OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly
 handle EC2 tokens when the user role has been removed from a tenant, which
 allows remote authenticated users to bypass intended authorization
 restrictions by leveraging a token for the removed user role.
Ubuntu-Description:
Notes:
 jdstrand> Keystone on 11.10 is a pre-release version and unusable with other
  components such as nova and horizon
Bugs:
 https://bugs.launchpad.net/keystone/+bug/1064914
Priority: medium
Discovered-by: Vijaya Erukala
Assigned-to: jdstrand
CVSS:

Patches_keystone:
 upstream: 8735009dc5b895db265a1cd573f39f4acfca2a19 (essex)
 upstream: 37308dd4f3e33f7bd0f71d83fd51734d1870713b (folsom)
 upstream: 9d68b40cb9ea818c48152e6c712ff41586ad9653 (grizzly)
upstream_keystone: pending (2013.1)
hardy_keystone: DNE
lucid_keystone: DNE
oneiric_keystone: ignored
precise_keystone: released (2012.1+stable~20120824-a16a0ab9-0ubuntu2.3)
quantal_keystone: released (2012.2-0ubuntu1.2)
devel_keystone: not-affected (2013.1~g1-0ubuntu1)