{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_vex", "csaf_version": "2.0", "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "title": "OpenStack Keystone: Authorization bypass via improper EC2 token handling", "tracking": { "current_release_date": "2026-05-07T12:26:57+00:00", "generator": { "date": "2026-05-07T12:26:57+00:00", "engine": { "name": "CSAF Generator", "version": "2.0.1" } }, "id": "CVE-2012-5571", "initial_release_date": "2012-12-18T01:00:00+00:00", "revision_history": [ { "date": "2026-05-07T12:26:57+00:00", "number": "1", "summary": "Last generated version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "category": "vendor", "name": "Red Hat", "branches": [ { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-13.0.z", "product": { "name": "Red Hat OpenStack Platform rhos-13.0.z", "product_id": "openstack-13", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:13" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-16.2.z", "product": { "name": "Red Hat OpenStack Platform rhos-16.2.z", "product_id": "openstack-16.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:16.2" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-17.1.z", "product": { "name": "Red Hat OpenStack Platform rhos-17.1.z", "product_id": "openstack-17.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:17.1" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform rhos-18.0.0", "product": { "name": "Red Hat OpenStack Platform rhos-18.0.0", "product_id": "openstack-18.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:18.0" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform", "product": { "name": "Red Hat OpenStack Platform", "product_id": "openstack-foreman::el6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:1::el6" } } }, { "category": "product_name", "name": "Red Hat OpenStack Platform", "product": { "name": "Red Hat OpenStack Platform", "product_id": "rhoscts::el6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openstack:1::el6" } } }, { "category": "product_version", "name": "openstack-keystone", "product": { "name": "openstack-keystone", "product_id": "openstack-keystone-0:2012.1.3-3.el6", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-keystone@2012.1.3-3.el6?epoch=0" } } }, { "category": "product_version", "name": "openstack-keystone", "product": { "name": "openstack-keystone", "product_id": "openstack-keystone-0:2012.2.1-1.el6ost", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-keystone@2012.2.1-1.el6ost?epoch=0" } } }, { "category": "product_version", "name": "openstack-keystone", "product": { "name": "openstack-keystone", "product_id": "openstack-keystone.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openstack-keystone?arch=src" } } }, { "category": "product_version", "name": "redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "product": { "name": "redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "product_id": "redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "product_identification_helper": { "purl": "pkg:oci/openstack-keystone?repository_url=quay.io/redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone" } } }, { "category": "product_version", "name": "redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "product": { "name": "redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "product_id": "redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "product_identification_helper": { "purl": "pkg:oci/openstack-keystone?repository_url=quay.io/redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone" } } }, { "category": "product_version", "name": "redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "product": { "name": "redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "product_id": "redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "product_identification_helper": { "purl": "pkg:oci/openstack-keystone?repository_url=quay.io/redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone" } } }, { "category": "product_version", "name": "redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone", "product": { "name": "redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone", "product_id": "redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone", "product_identification_helper": { "purl": "pkg:oci/openstack-keystone?repository_url=quay.io/redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone" } } } ] } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone-0:2012.1.3-3.el6 as a component of Red Hat OpenStack Platform", "product_id": "openstack-foreman::el6:openstack-keystone-0:2012.1.3-3.el6" }, "product_reference": "openstack-keystone-0:2012.1.3-3.el6", "relates_to_product_reference": "openstack-foreman::el6" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone-0:2012.1.3-3.el6 as a component of Red Hat OpenStack Platform", "product_id": "rhoscts::el6:openstack-keystone-0:2012.1.3-3.el6" }, "product_reference": "openstack-keystone-0:2012.1.3-3.el6", "relates_to_product_reference": "rhoscts::el6" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone-0:2012.2.1-1.el6ost as a component of Red Hat OpenStack Platform", "product_id": "rhoscts::el6:openstack-keystone-0:2012.2.1-1.el6ost" }, "product_reference": "openstack-keystone-0:2012.2.1-1.el6ost", "relates_to_product_reference": "rhoscts::el6" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone-0:2012.2.1-1.el6ost as a component of Red Hat OpenStack Platform", "product_id": "openstack-foreman::el6:openstack-keystone-0:2012.2.1-1.el6ost" }, "product_reference": "openstack-keystone-0:2012.2.1-1.el6ost", "relates_to_product_reference": "openstack-foreman::el6" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone.src as a component of Red Hat OpenStack Platform rhos-18.0.0", "product_id": "openstack-18.0:openstack-keystone.src" }, "product_reference": "openstack-keystone.src", "relates_to_product_reference": "openstack-18.0" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone.src as a component of Red Hat OpenStack Platform rhos-17.1.z", "product_id": "openstack-17.1:openstack-keystone.src" }, "product_reference": "openstack-keystone.src", "relates_to_product_reference": "openstack-17.1" }, { "category": "default_component_of", "full_product_name": { "name": "openstack-keystone.src as a component of Red Hat OpenStack Platform rhos-16.2.z", "product_id": "openstack-16.2:openstack-keystone.src" }, "product_reference": "openstack-keystone.src", "relates_to_product_reference": "openstack-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone as a component of Red Hat OpenStack Platform rhos-13.0.z", "product_id": "openstack-13:redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone" }, "product_reference": "redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "relates_to_product_reference": "openstack-13" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone as a component of Red Hat OpenStack Platform rhos-16.2.z", "product_id": "openstack-16.2:redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone" }, "product_reference": "redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "relates_to_product_reference": "openstack-16.2" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone as a component of Red Hat OpenStack Platform rhos-17.1.z", "product_id": "openstack-17.1:redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone" }, "product_reference": "redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "relates_to_product_reference": "openstack-17.1" }, { "category": "default_component_of", "full_product_name": { "name": "redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone as a component of Red Hat OpenStack Platform rhos-18.0.0", "product_id": "openstack-18.0:redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone" }, "product_reference": "redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone", "relates_to_product_reference": "openstack-18.0" } ] }, "vulnerabilities": [ { "cve": "CVE-2012-5571", "cwe": { "id": "CWE-639", "name": "Authorization Bypass Through User-Controlled Key" }, "discovery_date": "2026-04-02T15:02:50+00:00", "notes": [ { "category": "description", "text": "A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.", "title": "Vulnerability description" } ], "product_status": { "fixed": [ "openstack-foreman::el6:openstack-keystone-0:2012.1.3-3.el6", "openstack-foreman::el6:openstack-keystone-0:2012.2.1-1.el6ost", "rhoscts::el6:openstack-keystone-0:2012.1.3-3.el6", "rhoscts::el6:openstack-keystone-0:2012.2.1-1.el6ost" ], "known_affected": [ "openstack-13:redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "openstack-16.2:openstack-keystone.src", "openstack-16.2:redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "openstack-17.1:openstack-keystone.src", "openstack-17.1:redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "openstack-18.0:openstack-keystone.src", "openstack-18.0:redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-5571" }, { "category": "external", "summary": "nvd.nist.gov", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5571" }, { "category": "external", "summary": "www.cve.org", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5571" } ], "remediations": [ { "category": "none_available", "details": "Affected", "product_ids": [ "openstack-13:redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "openstack-16.2:openstack-keystone.src", "openstack-16.2:redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "openstack-17.1:openstack-keystone.src", "openstack-17.1:redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "openstack-18.0:openstack-keystone.src", "openstack-18.0:redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone" ] }, { "category": "vendor_fix", "date": "2012-12-10T21:00:40+00:00", "details": "Apply advisory RHSA-2012:1556 as per vendors instructions.", "product_ids": [ "openstack-foreman::el6:openstack-keystone-0:2012.1.3-3.el6", "rhoscts::el6:openstack-keystone-0:2012.1.3-3.el6" ], "url": "https://access.redhat.com/errata/RHSA-2012:1556" }, { "category": "vendor_fix", "date": "2012-12-10T21:00:32+00:00", "details": "Apply advisory RHSA-2012:1557 as per vendors instructions.", "product_ids": [ "openstack-foreman::el6:openstack-keystone-0:2012.2.1-1.el6ost", "rhoscts::el6:openstack-keystone-0:2012.2.1-1.el6ost" ], "url": "https://access.redhat.com/errata/RHSA-2012:1557" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM" }, "products": [ "openstack-13:redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "openstack-16.2:openstack-keystone.src", "openstack-16.2:redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "openstack-17.1:openstack-keystone.src", "openstack-17.1:redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "openstack-18.0:openstack-keystone.src", "openstack-18.0:redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone", "openstack-foreman::el6:openstack-keystone-0:2012.1.3-3.el6", "openstack-foreman::el6:openstack-keystone-0:2012.2.1-1.el6ost", "rhoscts::el6:openstack-keystone-0:2012.1.3-3.el6", "rhoscts::el6:openstack-keystone-0:2012.2.1-1.el6ost" ] } ], "threats": [ { "category": "impact", "details": "Moderate", "product_ids": [ "openstack-13:redhat-user-workloads/openstack-tenant/openstack-13/openstack-keystone/openstack-keystone", "openstack-16.2:openstack-keystone.src", "openstack-16.2:redhat-user-workloads/openstack-tenant/openstack-16-2/openstack-keystone/openstack-keystone", "openstack-17.1:openstack-keystone.src", "openstack-17.1:redhat-user-workloads/openstack-tenant/openstack-17-1-rhel-9/openstack-keystone/openstack-keystone", "openstack-18.0:openstack-keystone.src", "openstack-18.0:redhat-user-workloads/openstack-tenant/openstack-18-0-17/openstack-keystone/openstack-keystone", "openstack-foreman::el6:openstack-keystone-0:2012.1.3-3.el6", "openstack-foreman::el6:openstack-keystone-0:2012.2.1-1.el6ost", "rhoscts::el6:openstack-keystone-0:2012.1.3-3.el6", "rhoscts::el6:openstack-keystone-0:2012.2.1-1.el6ost" ] } ], "title": "OpenStack Keystone: Authorization bypass via improper EC2 token handling" } ] }