Description
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-4413
- https://access.redhat.com/errata/RHSA-2012:1378
- https://access.redhat.com/security/cve/CVE-2012-4413
- https://bugs.launchpad.net/keystone/+bug/1041396
- https://bugzilla.redhat.com/show_bug.cgi?id=855491
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
- https://review.opendev.org/c/openstack/keystone/+/12870
- https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
- http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
- http://www.openwall.com/lists/oss-security/2012/09/12/7
- http://www.ubuntu.com/usn/USN-1564-1
Packages
keystone
< 2012.1.3
2012.1.3
Related vulnerabilities
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.