CVE-2012-5563

Name	CVE-2012-5563
Description	OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
keystone (PTS)	jessie	2014.1.3-6	fixed
	stretch (security), stretch (lts), stretch	2:10.0.0-9+deb9u1	fixed
	buster (security), buster, buster (lts)	2:14.2.0-0+deb10u2	fixed
	bullseye	2:18.0.0-3+deb11u1	fixed
	bookworm	2:22.0.0-2	fixed
	sid, trixie	2:26.0.0-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
keystone	source	(unstable)	(not affected)

- keystone <not-affected> (Folsom branch not packaged yet)