CVE-2012-5571

Publication date 28 November 2012

Last updated 19 June 2026


Ubuntu priority

CVSS 3 Severity Score

5.4 · Medium


Description

OpenStack Keystone Essex (2012.1) and Folsom (2012.2) do not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role.


Status

Package    Ubuntu Release      Status
keystone   12.10 quantal       Fixed 2012.2-0ubuntu1.2
keystone   12.04 LTS precise   Fixed 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3
keystone   11.10 oneiric       Ignored
keystone   10.04 LTS lucid     Not in release
keystone   8.04 LTS hardy      Not in release

Notes


jdstrand

Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon

Severity score breakdown

CVSS version: CVSS v3.0

Base score 5.4 · Medium

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-1641-1: OpenStack Keystone vulnerabilities (28 November 2012)
