CVE-2012-5563

NameCVE-2012-5563
DescriptionOpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
keystone (PTS)jessie2014.1.3-6fixed
stretch (security), stretch (lts), stretch2:10.0.0-9+deb9u1fixed
buster (security), buster, buster (lts)2:14.2.0-0+deb10u2fixed
bullseye2:18.0.0-3+deb11u1fixed
bookworm2:22.0.0-2fixed
sid, trixie2:26.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
keystonesource(unstable)(not affected)

Notes

- keystone <not-affected> (Folsom branch not packaged yet)

Search for package or bug name: Reporting problems