CVE-2013-0282: OpenStack Keystone allows context-dependent attackers to bypass access restrictions
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
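A simplified model of the missing check described above, added here as an illustration and not taken from Keystone's code. All names (`Entity`, `EC2_CREDS`, `ec2_authenticate`, `check_enabled`) and the sample data are constructed, and a plain HMAC-SHA256 stands in for EC2 request signing. `check_enabled=False` models the pre-fix behaviour, where a valid signature alone was enough.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Entity:  # hypothetical stand-in for a user, tenant or domain record
    id: str
    enabled: bool = True

# Constructed sample data, not real Keystone records.
USERS = {"u1": Entity("u1"), "u2": Entity("u2", enabled=False)}
TENANTS = {"t1": Entity("t1"), "t2": Entity("t2", enabled=False)}
DOMAINS = {"d1": Entity("d1")}
# access key -> (secret, user_id, tenant_id, domain_id)
EC2_CREDS = {
    "AK1": ("s3cret-1", "u1", "t1", "d1"),
    "AK2": ("s3cret-2", "u2", "t1", "d1"),  # owner is a disabled user
    "AK3": ("s3cret-3", "u1", "t2", "d1"),  # scoped to a disabled tenant
}

class Unauthorized(Exception):
    """Raised when EC2-style authentication must be refused."""

def sign(secret, request):
    # Simplified stand-in for the EC2 request signature.
    return hmac.new(secret.encode(), request.encode(), hashlib.sha256).hexdigest()

def ec2_authenticate(access, request, signature, check_enabled=True):
    cred = EC2_CREDS.get(access)
    if cred is None:
        raise Unauthorized("unknown access key")
    secret, user_id, tenant_id, domain_id = cred
    if not hmac.compare_digest(sign(secret, request), signature):
        raise Unauthorized("bad signature")
    if check_enabled:
        # The check the advisory says was missing: a valid signature is not
        # enough, every owning entity must still be enabled.
        owners = (("user", USERS[user_id]), ("tenant", TENANTS[tenant_id]),
                  ("domain", DOMAINS[domain_id]))
        for kind, ent in owners:
            if not ent.enabled:
                raise Unauthorized(f"{kind} {ent.id} is disabled")
    return {"user": user_id, "tenant": tenant_id}
```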
References
- bugs.launchpad.net/keystone/+bug/1121494
- github.com/advisories/GHSA-8833-qrvm-wc3h
- github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9f
- github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6f
- github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081a
- launchpad.net/keystone/+milestone/2012.2.4
- launchpad.net/keystone/grizzly/2013.1
- nvd.nist.gov/vuln/detail/CVE-2013-0282
- review.openstack.org/