Описание
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-613
https://bugzilla.redhat.com/show_bug.cgi?id=855491OpenStack-Keystone: role revocation token issues
4 Medium
CVSS2
Связанные уязвимости
ubuntu
больше 13 лет назад
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
nvd
больше 13 лет назад
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
debian
больше 13 лет назад
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when g ...
github
больше 3 лет назад
OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
4 Medium
CVSS2