CVE-2012-4456

Published: 09 October 2012

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

Priority

Medium

Status

Package: keystone (Launchpad, Ubuntu, Debian)
Release: Upstream
Status: Released (2012.1.1-9)