CVE-2012-4413

Published: 18/09/2012 Updated: 13/02/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

Vulnerable Product

openstack keystone 2012.1.3

Vendor Advisories

Synopsis: Important: openstack-keystone security update. Type/Severity: Security Advisory: Important. Topic: Updated openstack-keystone packages that fix multiple security issues are now available for Red Hat OpenStack Essex. The Red Hat Security Response Team has rated this update as having important security impa ...
Debian Bug report logs - #687428: CVE-2012-4413: Revoking a role does not affect existing tokens. Package: keystone; Maintainer for keystone is Debian OpenStack <team+openstack@tracker.debian.org>; Source for keystone is src:keystone. Reported by: Thomas Goirand <zigo@debian.org>. Date: Wed, 12 Sep ...
OpenStack Keystone did not properly handle user role changes ...