OpenStack Keystone allows context-dependent attackers to bypass access restrictions

GHSA-8833-qrvm-wc3h · CVE-2013-0282

Published May 5, 2022 · Modified May 9, 2024

Description

OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-0282
WEB https://github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f
WEB https://github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f
WEB https://github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
WEB https://bugs.launchpad.net/keystone/+bug/1121494
WEB https://launchpad.net/keystone/+milestone/2012.2.4
WEB https://launchpad.net/keystone/grizzly/2013.1
WEB https://review.openstack.org/#/c/22319
WEB https://review.openstack.org/#/c/22320
WEB https://review.openstack.org/#/c/22321
WEB http://www.openwall.com/lists/oss-security/2013/02/19/3

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes