Описание
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:openstack:keystone:2012.1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00428
Низкий
4 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
больше 13 лет назад
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
redhat
больше 13 лет назад
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
debian
больше 13 лет назад
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...
github
больше 3 лет назад
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
EPSS
Процентиль: 62%
0.00428
Низкий
4 Medium
CVSS2
Дефекты
CWE-264