CVE-2013-4222

Currently unrated

Key Information:

Vendor: Openstack
Status: Keystone
Vendor: CVE Published:; 30 September 2013

Summary

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

References

http://rhn.redhat.com/errata/RHSA-2013-1524.html

vendor-advisoryx_refsource_REDHAT

http://www.ubuntu.com/usn/USN-2002-1

vendor-advisoryx_refsource_UBUNTU

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Sep 30, 2013
Vulnerability Reserved
Jun 12, 2013