CVE-2012-5563

medium

Published 2012-12-18 · Modified 2025-10-09

CVSS v3

—

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2

4.0

VIR risk

4.0

Description

OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issue exists because of a CVE-2012-3426 regression.

Predictions

Exploit likelihood

30%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-5563

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2012/11/28/6

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2012/11/28/5

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/51436

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/51423

OS impact

OS	Version	Status	Fixed in
debian	bookworm	fixed	`0`
debian	bullseye	fixed	`0`
debian	forky	fixed	`0`
debian	sid	fixed	`0`
debian	trixie	fixed	`0`

Package impact

Ecosystem	Package	Vulnerable	Fixed
PyPI	keystone	`<8.0.0`	`8.0.0`
PyPI	keystone	`<f9d4766249a72d8f88d75dcf1575b28dd3496681`	`38c7e46a640a94da4da89a39a5a1ea9c081f1eb5`

Application impact

Vendor	Product	Versions	Fixed
openstack	folsom	`2012.2`

References

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.