Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1nZjJxLWoycXEtcGpmMs4AAfgV

OpenStack Keystone Allows Remote User Account Creation

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

Permalink: https://github.com/advisories/GHSA-gf2q-j2qq-pjf2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nZjJxLWoycXEtcGpmMs4AAfgV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: 3 months ago


Identifiers: GHSA-gf2q-j2qq-pjf2, CVE-2012-3542
References: Repository: https://github.com/openstack/keystone

Affected Packages

pypi:keystone
Dependent packages: 3
Dependent repositories: 37
Downloads: 6,812 last month
Affected Version Ranges: < 2012.1
Fixed in: 2012.1
All affected versions: 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 23.0.0, 23.0.1, 24.0.0
All unaffected versions: