GHSA-w66p-78g4-mr7g

Source

https://github.com/advisories/GHSA-w66p-78g4-mr7g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w66p-78g4-mr7g/GHSA-w66p-78g4-mr7g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w66p-78g4-mr7g

Aliases

CVE-2012-5563
PYSEC-2012-20

Published

2022-05-17T01:39:21Z

Modified

2024-09-27T18:07:52Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

OpenStack Keystone Insufficient token expiration

Details

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Database specific

{
    "nvd_published_at": "2012-12-18T01:55:00Z",
    "cwe_ids": [
        "CWE-324",
        "CWE-863"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-14T00:53:23Z"
}

References

Affected packages

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.0