PYSEC-2012-19

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2012-19.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2012-19

Aliases

Published

2012-09-05T23:55:00Z

Modified

2025-09-19T01:45:04.309797Z

Summary

[none]

Details

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.

References

Affected packages

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: GIT
Repo: https://github.com/openstack/keystone
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5438d3b5a219d7c8fa67e66e538d325a61617155

Fixed

c13d0ba606f7b2bdc609a7f388334e5efec3f3aa

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

12.*

12.0.2

12.0.3

13.*

13.0.2

13.0.3

13.0.4

14.*

14.0.0

14.0.1

14.1.0

14.2.0

15.*

15.0.0.0rc1

15.0.0.0rc2

15.0.0

15.0.1

16.*

16.0.0.0rc1

16.0.0.0rc2

16.0.0

16.0.1

16.0.2

17.*

17.0.0.0rc1

17.0.0.0rc2

17.0.0

17.0.1

18.*

18.0.0.0rc1

18.0.0

18.1.0

19.*

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.0.1

20.*

20.0.0.0rc1

20.0.0

20.0.1

21.*

21.0.0.0rc1

21.0.0

21.0.1

22.*

22.0.0.0rc1

22.0.0

22.0.1

22.0.2

23.*

23.0.0.0rc1

23.0.0

23.0.1

23.0.2

24.*

24.0.0.0rc1

24.0.0

24.1.0

25.*

25.0.0.0rc1

25.0.0

26.*

26.0.0.0rc1

26.0.0

27.*

27.0.0.0rc1

27.0.0

28.*

28.0.0.0rc1

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2012-19.yaml"