CVE-2012-5483 - Vulnerability Details - OpenCVE

tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00111.

Key SSVC decision points have not yet been added.

Vendors	Products
Openstack	Keystone
Redhat	Openstack

Configuration 1 [-]

cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
OpenStack Essex for RHEL 6
openstack-keystone-0:2012.1.3-3.el6	cpe:/a:redhat:openstack:1::el6	RHSA-2012:1556	2012-12-10T00:00:00Z

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2012-5400	tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html
http://rhn.redhat.com/errata/RHSA-2012-1556.html
http://www.securityfocus.com/bid/56888
https://bugzilla.redhat.com/show_bug.cgi?id=873447
https://exchange.xforce.ibmcloud.com/vulnerabilities/80612
https://nvd.nist.gov/vuln/detail/CVE-2012-5483
https://www.cve.org/CVERecord?id=CVE-2012-5483

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-12-26T22:00:00

Updated: 2024-08-06T21:05:47.281Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5483

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-12-26T22:55:03.677

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-5483

Redhat

Severity : Low

Publid Date: 2012-11-13T00:00:00Z

Links: CVE-2012-5483 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-11-13T00:00:00", "descriptions": [{"lang": "en", "value": "tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "56888", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/56888"}, {"name": "RHSA-2012:1556", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873447"}, {"name": "keystone-secret-key-info-disc(80612)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612"}, {"name": "FEDORA-2012-19341", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T21:05:47.281Z"}, "title": "CVE Program Container", "references": [{"name": "56888", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/56888"}, {"name": "RHSA-2012:1556", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873447"}, {"name": "keystone-secret-key-info-disc(80612)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612"}, {"name": "FEDORA-2012-19341", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5483", "datePublished": "2012-12-26T22:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.281Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "92047E47-C052-4979-9F6C-00E88CE098A1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file."}, {"lang": "es", "value": "tools/sample_data.sh en OpenStack Keystone 2012.1.3, cuando se encuentra configurado el acceso a Elastic Compute Cloud de Amazon (Amazon EC2), utiliza permisos de lectura para tdo el mundo en /etc/keystone/ec2rc, lo que permite a usuarios locales obtener acceso a los servicios EC2 mediante la lectura de informaci\u00f3n de administraci\u00f3n y valores secretos de este archivo.\r\n"}], "id": "CVE-2012-5483", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-12-26T22:55:03.677", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/56888"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873447"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-December/094286.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1556.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56888"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=873447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80612"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}