CVE-2012-4457
Published: 9 October 2012
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
Notes
Author | Note |
---|---|
jdstrand | Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon |