Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1tcnh2LTY1cnYtNmh4cc4AAaC4

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles

OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

Permalink: https://github.com/advisories/GHSA-mrxv-65rv-6hxq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tcnh2LTY1cnYtNmh4cc4AAaC4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


Identifiers: GHSA-mrxv-65rv-6hxq, CVE-2012-4413
References: Repository: https://github.com/openstack/keystone
Blast Radius: 0.0

Affected Packages

pypi:keystone
Dependent packages: 3
Dependent repositories: 37
Downloads: 17,946 last month
Affected Version Ranges: < 2012.1.3
Fixed in: 2012.1.3
All affected versions: 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 22.0.2, 23.0.0, 23.0.1, 23.0.2, 24.0.0, 25.0.0, 26.0.0
All unaffected versions: