Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-3542
Last Modified 13 Sep 2012 12:00:00
Published 05 Sep 2012 07:55:02
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3542

Summary

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

Vulnerable Systems

Application

  • OpenStack Essex 2012.1

  • OpenStack Horizon Folsom-3


References

MLIST - [openstack] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)

CONFIRM - https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa

CONFIRM - https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155

CONFIRM - https://bugs.launchpad.net/keystone/+bug/1040626

UBUNTU - USN-1552-1

BID - 55326

MLIST - [oss-security] 20120830 [OSSA 2012-013] Keystone, Lack of authorization for adding users to tenants (CVE-2012-3542)

SECUNIA - 50494

SECUNIA - 50467


Last Updated: 27 May 2016 11:00:29