OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
References
Configurations
History
13 Feb 2023, 00:26
Type | Values Removed | Values Added |
---|---|---|
Summary | OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | |
References |
|
02 Feb 2023, 18:16
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2012-4413 OpenStack-Keystone: role revocation token issues | |
References |
|
Information
Published : 2012-09-18 17:55
Updated : 2023-12-10 11:16
NVD link : CVE-2012-4413
Mitre link : CVE-2012-4413
CVE.ORG link : CVE-2012-4413
JSON object : View
Products Affected
openstack
- keystone
CWE
CWE-264
Permissions, Privileges, and Access Controls