Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tcnh2LTY1cnYtNmh4cc4AAaC4
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Permalink: https://github.com/advisories/GHSA-mrxv-65rv-6hxqJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcnh2LTY1cnYtNmh4cc4AAaC4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-mrxv-65rv-6hxq, CVE-2012-4413
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-4413
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
- http://www.openwall.com/lists/oss-security/2012/09/12/7
- http://www.ubuntu.com/usn/USN-1564-1
- https://access.redhat.com/errata/RHSA-2012:1378
- https://access.redhat.com/security/cve/CVE-2012-4413
- https://bugs.launchpad.net/keystone/+bug/1041396
- https://bugzilla.redhat.com/show_bug.cgi?id=855491
- https://review.opendev.org/c/openstack/keystone/+/12870/
- https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
- http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
- https://github.com/advisories/GHSA-mrxv-65rv-6hxq
Blast Radius: 0.0
Affected Packages
pypi:keystone
Dependent packages: 3Dependent repositories: 37
Downloads: 6,744 last month
Affected Version Ranges: < 2012.1.3
Fixed in: 2012.1.3
All affected versions: 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 23.0.0, 23.0.1, 24.0.0, 25.0.0
All unaffected versions: