Token Revocation Flaw in OpenStack Identity by OpenStack
CVE-2013-4222
Currently unrated
Summary
The OpenStack Identity (Keystone) service prior to specific versions does not properly revoke user tokens when a tenant is disabled. As a result, remote authenticated users can retain access through their existing user tokens even after their tenant has been disabled. Because those tokens are not invalidated, the integrity of the system is at risk and sensitive resources may be exposed.
Timeline
Vulnerability published
Vulnerability Reserved