CVE-2012-5483
OpenStack: Keystone /etc/keystone/ec2rc secret key exposure
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
tools/sample_data.sh en OpenStack Keystone 2012.1.3, cuando se encuentra configurado el acceso a Elastic Compute Cloud de Amazon (Amazon EC2), utiliza permisos de lectura para tdo el mundo en /etc/keystone/ec2rc, lo que permite a usuarios locales obtener acceso a los servicios EC2 mediante la lectura de informaciĆ³n de administraciĆ³n y valores secretos de este archivo.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-10-24 CVE Reserved
- 2012-12-11 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/56888 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80612 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html | 2017-08-29 | |
| http://rhn.redhat.com/errata/RHSA-2012-1556.html | 2017-08-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=873447 | 2012-12-10 | |
| https://access.redhat.com/security/cve/CVE-2012-5483 | 2012-12-10 |