CVE-2012-5571

NameCVE-2012-5571
DescriptionA flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs694433

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
keystone (PTS)bullseye2:18.0.0-3+deb11u1fixed
bullseye (security)2:18.1.0-1+deb11u3fixed
bookworm2:22.0.2-0+deb12u1fixed
bookworm (security)2:22.0.2-0+deb12u3fixed
trixie2:27.0.0-3+deb13u1fixed
trixie (security)2:27.0.0-3+deb13u4fixed
forky, sid2:29.0.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
keystonesource(unstable)2012.1.1-11694433
Search for package or bug name: Reporting problems