VYPR
Moderate severity · NVD Advisory · Published Jul 31, 2012 · Updated Jun 16, 2026

CVE-2012-3426

Description

OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
Keystone (PyPI) | < 8.0.0a0 | 8.0.0a0

Affected products

  • cpe:2.3:a:openstack:essex:*:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:horizon:folsom-1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*
  • cpe:2.3:a:openstack:keystone:2012.1.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 8.0.0a0
