Token Revocation Flaw in OpenStack Identity by OpenStack
CVE-2013-4222

Currently unrated

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 30 September 2013

Summary

The OpenStack Identity (Keystone) service prior to specific versions does not correctly revoke user tokens when a tenant is disabled. As a result, remote authenticated users can keep using their existing user tokens to retain access after their tenant has been disabled. The root cause is inadequate management of user tokens, which puts the integrity of the system at risk and can expose sensitive resources.

Timeline

  • Vulnerability published

  • Vulnerability Reserved