VulnerableCode Package Details - pkg:rpm/redhat/openstack-keystone@2012.1.2-4?arch=el6

Search for packages

Vulnerability	Summary	Fixed by
VCID-2ggr-pe4y-y3cn Aliases: CVE-2012-3542 GHSA-gf2q-j2qq-pjf2 PYSEC-2012-19	OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.	There are no reported fixed by versions.
VCID-89vf-n61h-k3b2 Aliases: CVE-2012-4413 GHSA-mrxv-65rv-6hxq	OpenStack Keystone does not invalidate existing tokens when granting or revoking roles OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.	There are no reported fixed by versions.
VCID-enq4-sb38-6kfz Aliases: CVE-2012-4457 GHSA-x8h4-xf47-pqc3	Improper Authentication OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.	There are no reported fixed by versions.
VCID-s84r-551v-u7b6 Aliases: CVE-2012-4456 GHSA-mf98-r2gf-2x3w	Improper Authentication CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-2ggr-pe4y-y3cn
Aliases:
CVE-2012-3542
GHSA-gf2q-j2qq-pjf2
PYSEC-2012-19

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

There are no reported fixed by versions.

VCID-89vf-n61h-k3b2
Aliases:
CVE-2012-4413
GHSA-mrxv-65rv-6hxq

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

There are no reported fixed by versions.

VCID-enq4-sb38-6kfz
Aliases:
CVE-2012-4457
GHSA-x8h4-xf47-pqc3

Improper Authentication OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant.

There are no reported fixed by versions.

VCID-s84r-551v-u7b6
Aliases:
CVE-2012-4456
GHSA-mf98-r2gf-2x3w

Improper Authentication CVE-2012-4456 Openstack Keystone 2012.1.1: fails to validate tokens in Admin API

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:55:38.207668+00:00	RedHat Importer	Affected by	VCID-enq4-sb38-6kfz	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4457.json	38.0.0
2026-04-01T14:55:37.756514+00:00	RedHat Importer	Affected by	VCID-s84r-551v-u7b6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4456.json	38.0.0
2026-04-01T14:54:26.500710+00:00	RedHat Importer	Affected by	VCID-2ggr-pe4y-y3cn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3542.json	38.0.0
2026-04-01T14:54:20.226735+00:00	RedHat Importer	Affected by	VCID-89vf-n61h-k3b2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4413.json	38.0.0