{"id":"PYSEC-2012-19","details":"OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant by sending the administrative API a request to update the user's default tenant.  NOTE: this identifier (CVE-2012-3542) was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540.","aliases":["CVE-2012-3542","GHSA-gf2q-j2qq-pjf2"],"modified":"2025-10-09T05:18:28.079731Z","published":"2012-09-05T23:55:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/50467"},{"type":"FIX","url":"https://github.com/openstack/keystone/commit/5438d3b5a219d7c8fa67e66e538d325a61617155"},{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1040626"},{"type":"WEB","url":"http://www.securityfocus.com/bid/55326"},{"type":"FIX","url":"https://github.com/openstack/keystone/commit/c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2012/08/30/6"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1552-1"},{"type":"ADVISORY","url":"http://secunia.com/advisories/50494"},{"type":"WEB","url":"https://lists.launchpad.net/openstack/msg16282.html"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"GIT","repo":"https://github.com/openstack/keystone","events":[{"introduced":"0"},{"fixed":"5438d3b5a219d7c8fa67e66e538d325a61617155"},{"fixed":"c13d0ba606f7b2bdc609a7f388334e5efec3f3aa"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["12.0.2","12.0.3","13.0.2","13.0.3","13.0.4","14.0.0","14.0.1","14.1.0","14.2.0","15.0.0","15.0.0.0rc1","15.0.0.0rc2","15.0.1","16.0.0","16.0.0.0rc1","16.0.0.0rc2","16.0.1","16.0.2","17.0.0","17.0.0.0rc1","17.0.0.0rc2","17.0.1","18.0.0","18.0.0.0rc1","18.1.0","19.0.0","19.0.0.0rc1","19.0.0.0rc2","19.0.1","20.0.0","20.0.0.0rc1","20.0.1","21.0.0","21.0.0.0rc1","21.0.1","22.
0.0","22.0.0.0rc1","22.0.1","23.0.0","23.0.0.0rc1","23.0.1","24.0.0","24.0.0.0rc1","22.0.2","23.0.2","24.1.0","25.0.0","25.0.0.0rc1","26.0.0","26.0.0.0rc1","27.0.0","27.0.0.0rc1","28.0.0","28.0.0.0rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2012-19.yaml"}}],"schema_version":"1.7.3"}