CVE 2012-3542
OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.
Related bugs and status
CVE-2012-3542 (Candidate) is related to these bugs:
Bug #1040626: [OSSA 2012-013] Update user's default tenant partially succeeds without authz
Bug | Summary | In | Importance | Status
---|---|---|---|---
1040626 | [OSSA 2012-013] Update user's default tenant partially succeeds without authz | OpenStack Identity (keystone) | Critical | Fix Released
1040626 | [OSSA 2012-013] Update user's default tenant partially succeeds without authz | OpenStack Identity (keystone) essex | Critical | Fix Released
1040626 | [OSSA 2012-013] Update user's default tenant partially succeeds without authz | keystone (Ubuntu) | Undecided | Fix Released
1040626 | [OSSA 2012-013] Update user's default tenant partially succeeds without authz | OpenStack Security Advisory | Undecided | Fix Released
Bug #1046905: Memcached Token Backend does not support list tokens
Bug | Summary | In | Importance | Status
---|---|---|---|---
1046905 | Memcached Token Backend does not support list tokens | OpenStack Identity (keystone) | Critical | Fix Released
1046905 | Memcached Token Backend does not support list tokens | OpenStack Identity (keystone) essex | Critical | Fix Released
1046905 | Memcached Token Backend does not support list tokens | keystone (Ubuntu) | Undecided | Fix Released
1046905 | Memcached Token Backend does not support list tokens | keystone (Ubuntu Precise) | Undecided | Fix Released
Bug #1050025: Token invalidation in case of role grant/revoke should be limited to affected tenant
Bug | Summary | In | Importance | Status
---|---|---|---|---
1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | OpenStack Identity (keystone) | Medium | Fix Released
1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | OpenStack Identity (keystone) essex | Medium | Fix Released
1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | keystone (Ubuntu) | Undecided | Fix Released
1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | keystone (Ubuntu Precise) | Undecided | Fix Released
Bug #1056373: memcache driver needs protection against unicode user keys
Bug | Summary | In | Importance | Status
---|---|---|---|---
1056373 | memcache driver needs protection against unicode user keys | OpenStack Identity (keystone) | Critical | Fix Released
1056373 | memcache driver needs protection against unicode user keys | OpenStack Identity (keystone) essex | Critical | Fix Released
1056373 | memcache driver needs protection against unicode user keys | keystone (Ubuntu) | Undecided | Fix Released
1056373 | memcache driver needs protection against unicode user keys | keystone (Ubuntu Precise) | Undecided | Fix Released
Bug #1089488: Meta bug for tracking Openstack Stable Updates
Bug | Summary | In | Importance | Status
---|---|---|---|---
1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid
1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid
1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid
1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released
1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released
1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released
1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released
See the CVE page on Mitre.org for more details.