CVE-2012-5563 : OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remot

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Published 2012-12-18 01:55:04

Updated 2023-02-13 00:26:48

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-5563

Probability of exploitation activity in the next 30 days: 0.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 58 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-5563

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2012-5563

CWE-255

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-5563

http://www.openwall.com/lists/oss-security/2012/11/28/5

oss-security - [OSSA 2012-018] EC2-style credentials invalidation issue (CVE-2012-5571)
Patch

CVEs referencing this url
https://github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5

Ensure token expiration is maintained (bug 1079216) · openstack/keystone@38c7e46 · GitHub
http://www.securityfocus.com/bid/56727

OpenStack Token Expiration Security Bypass Vulnerability
http://www.ubuntu.com/usn/USN-1641-1

USN-1641-1: OpenStack Keystone vulnerabilities | Ubuntu security notices

CVEs referencing this url
https://bugs.launchpad.net/keystone/+bug/1079216

Bug #1079216 “[OSSA-2012-019] token expires time incorrect for a...” : Bugs : OpenStack Identity (keystone)
https://github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681

Ensure token expiration is maintained · openstack/keystone@f9d4766 · GitHub
https://exchange.xforce.ibmcloud.com/vulnerabilities/80370

OpenStack Folsom tokens security bypass CVE-2012-5563 Vulnerability Report
http://www.openwall.com/lists/oss-security/2012/11/28/6

oss-security - [OSSA 2012-019] Extension of token validity through token chaining (CVE-2012-5563)
Patch

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2012-1557.html

RHSA-2012:1557 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url

Products affected by CVE-2012-5563

Openstack » Folsom » Version: 2012.2
cpe:2.3:a:openstack:folsom:2012.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-5563

Exploit prediction scoring system (EPSS) score for CVE-2012-5563

CVSS scores for CVE-2012-5563

CWE ids for CVE-2012-5563

References for CVE-2012-5563

Products affected by CVE-2012-5563