VYPR
High severity · NVD Advisory · Published Oct 9, 2012 · Updated Jun 16, 2026

CVE-2012-4456

Description

The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allows remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
keystone (PyPI) | >= 2012.1, < 2012.1.2 | 2012.1.2

Affected products

  • cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:* (range: >=2012.1,<2012.1.2)
    • cpe:2.3:a:openstack:keystone:2012.2:milestone1:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2012.1, < 2012.1.2
