CVE-2012-4413

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-4413
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

4.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://osvdb.org/85484
http://secunia.com/advisories/50531 Vendor Advisory
http://secunia.com/advisories/50590 Vendor Advisory
http://www.openwall.com/lists/oss-security/2012/09/12/7
http://www.securityfocus.com/bid/55524
http://www.ubuntu.com/usn/USN-1564-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
Configurations

Configuration 1 (hide)

cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
History

13 Feb 2023, 00:26

Type Values Removed Values Added
Summary CVE-2012-4413 OpenStack-Keystone: role revocation token issues OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
References
  • {'url': 'https://access.redhat.com/errata/RHSA-2012:1378', 'name': 'https://access.redhat.com/errata/RHSA-2012:1378', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=855491', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=855491', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2012-4413', 'name': 'https://access.redhat.com/security/cve/CVE-2012-4413', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 18:16

Type Values Removed Values Added
Summary OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. CVE-2012-4413 OpenStack-Keystone: role revocation token issues
References
  • (MISC) https://access.redhat.com/errata/RHSA-2012:1378 -
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=855491 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2012-4413 -
Information

Published : 2012-09-18 17:55

Updated : 2023-12-10 11:16

NVD link : CVE-2012-4413

Mitre link : CVE-2012-4413

CVE.ORG link : CVE-2012-4413

JSON object : View

Products Affected

openstack

  • keystone
CWE
CWE-264

Permissions, Privileges, and Access Controls