CVE-2012-5571

Priority
Description
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) do not properly
handle EC2 tokens when the user role has been removed from a tenant, which
allows remote authenticated users to bypass intended authorization
restrictions by leveraging a token for the removed user role.
Assigned-to
jdstrand
Notes
jdstrand: Keystone on 11.10 is a pre-release version and unusable with other
components such as nova and horizon
Package
Upstream: pending (2013.1)
Patches:
Upstream: 8735009dc5b895db265a1cd573f39f4acfca2a19 (essex)
Upstream: 37308dd4f3e33f7bd0f71d83fd51734d1870713b (folsom)
Upstream: 9d68b40cb9ea818c48152e6c712ff41586ad9653 (grizzly)
More Information

Updated: 2020-03-18 22:10:44 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)