CVE-2012-5563: OpenStack Keystone Insufficient token expiration
(updated )
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
References
- bugs.launchpad.net/keystone/+bug/1079216
- exchange.xforce.ibmcloud.com/vulnerabilities/80370
- github.com/advisories/GHSA-w66p-78g4-mr7g
- github.com/openstack/keystone
- github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5
- github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681
- github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml
- nvd.nist.gov/vuln/detail/CVE-2012-5563
- web.archive.org/web/20121201003009/http://secunia.com/advisories/51423
- web.archive.org/web/20140802122732/http://secunia.com/advisories/51436
- web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727
Code Behaviors & Features
Detect and mitigate CVE-2012-5563 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →