High severity · NVD Advisory · Published Dec 18, 2012 · Updated Jun 16, 2026
CVE-2012-5563
Description
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| keystone (PyPI) | < 8.0.0 | 8.0.0 |
References
- www.openwall.com/lists/oss-security/2012/11/28/5 (nvd: Patch, WEB)
- www.openwall.com/lists/oss-security/2012/11/28/6 (nvd: Patch, WEB)
- secunia.com/advisories/51423 (nvd: Vendor Advisory)
- secunia.com/advisories/51436 (nvd: Vendor Advisory)
- github.com/advisories/GHSA-w66p-78g4-mr7g (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2012-5563 (ghsa: ADVISORY)
- rhn.redhat.com/errata/RHSA-2012-1557.html (nvd: WEB)
- www.ubuntu.com/usn/USN-1641-1 (nvd: WEB)
- bugs.launchpad.net/keystone/+bug/1079216 (nvd: WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/80370 (nvd: WEB)
- github.com/openstack/keystone/commit/38c7e46a640a94da4da89a39a5a1ea9c081f1eb5 (nvd: WEB)
- github.com/openstack/keystone/commit/f9d4766249a72d8f88d75dcf1575b28dd3496681 (nvd: WEB)
- github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2012-20.yaml (ghsa: WEB)
- web.archive.org/web/20121201003009/http://secunia.com/advisories/51423 (ghsa: WEB)
- web.archive.org/web/20140802122732/http://secunia.com/advisories/51436 (ghsa: WEB)
- web.archive.org/web/20200228144943/http://www.securityfocus.com/bid/56727 (ghsa: WEB)
- www.securityfocus.com/bid/56727 (nvd)