PYSEC-2012-34
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2012-34.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2012-34
- Withdrawn
- 2024-11-22T04:37:04Z
- Published
- 2012-07-31T10:45:00Z
- Modified
- 2025-10-09T05:19:08.135365Z
- Summary
- [none]
- Details
-
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
- References
-
- http://www.openwall.com/lists/oss-security/2012/07/27/4
- https://bugs.launchpad.net/keystone/+bug/998185
- https://launchpad.net/keystone/essex/2012.1.1/+download/keystone-2012.1.1.tar.gz
- http://github.com/openstack/keystone/commit/ea03d05ed5de0c015042876100d37a6a14bf56de
- https://bugs.launchpad.net/keystone/+bug/997194
- http://github.com/openstack/keystone/commit/628149b3dc6b58b91fd08e6ca8d91c728ccb8626
- http://github.com/openstack/keystone/commit/375838cfceb88cacc312ff6564e64eb18ee6a355
- https://bugs.launchpad.net/keystone/+bug/996595
- http://github.com/openstack/keystone/commit/d9600434da14976463a0bd03abd8e0309f0db454
- http://github.com/openstack/keystone/commit/29e74e73a6e51cffc0371b32354558391826a4aa
- http://github.com/openstack/keystone/commit/a67b24878a6156eab17b9098fa649f0279256f5d
- http://www.ubuntu.com/usn/USN-1552-1
- http://secunia.com/advisories/50045
- http://secunia.com/advisories/50494
Affected packages
PyPI / keystone
Package
- Name
- keystone
- View open source insights on deps.dev
- Purl
- pkg:pypi/keystone
Affected ranges
- Type
- GIT
- Repo
- https://github.com/openstack/keystone
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixedFixedFixedFixed
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
12.*
12.0.2
12.0.3
13.*
13.0.2
13.0.3
13.0.4
14.*
14.0.0
14.0.1
14.1.0
14.2.0
15.*
15.0.0.0rc1
15.0.0.0rc2
15.0.0
15.0.1
16.*
16.0.0.0rc1
16.0.0.0rc2
16.0.0
16.0.1
16.0.2
17.*
17.0.0.0rc1
17.0.0.0rc2
17.0.0
17.0.1
18.*
18.0.0.0rc1
18.0.0
18.1.0
19.*
19.0.0.0rc1
19.0.0.0rc2
19.0.0
19.0.1
20.*
20.0.0.0rc1
20.0.0
20.0.1
21.*
21.0.0.0rc1
21.0.0
21.0.1
22.*
22.0.0.0rc1
22.0.0
22.0.1
22.0.2
23.*
23.0.0.0rc1
23.0.0
23.0.1
23.0.2
24.*
24.0.0.0rc1
24.0.0
24.1.0
25.*
25.0.0.0rc1
25.0.0
26.*
26.0.0.0rc1
26.0.0
27.*
27.0.0.0rc1
27.0.0
28.*
28.0.0.0rc1
28.0.0