Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,721)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-5571 1Openstack 2Essex Folsom Apr 29, 2026 Dec 18, 2012 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Com...Show more A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2012-5571

1Openstack

2Essex

Folsom

Apr 29, 2026

Dec 18, 2012

N/A· v4

5.4 MEDIUM· v3

3.5 LOW· v2

A flaw was found in OpenStack Keystone. This vulnerability allows remote authenticated users to bypass intended authorization restrictions. This occurs because OpenStack Keystone does not properly handle EC2 (Elastic Compute Cloud) tokens when a user's role has been removed from a tenant. An attacker can leverage a token associated with a removed user role to gain unauthorized access.Show less

Previous 1...83 84 85 8687