| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-4456 | 7.5 |
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete
|
13-02-2023 - 04:34 | 09-10-2012 - 15:55 | |
| CVE-2012-4413 | 4.0 |
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
|
13-02-2023 - 00:26 | 18-09-2012 - 17:55 | |
| CVE-2012-3542 | 4.3 |
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE:
|
13-02-2023 - 00:25 | 05-09-2012 - 23:55 | |
| CVE-2012-4457 | 4.0 |
OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.
|
16-11-2018 - 14:01 | 09-10-2012 - 15:55 |