OpenStack Identity Token Revocation Vulnerability in Keystone
CVE-2014-5253
Currently unrated
Summary
OpenStack Identity (Keystone) before version 2014.1.2.1, and Juno before Juno-3, does not properly revoke domain-scoped tokens when a domain becomes invalid. A remote authenticated user holding such a token can therefore keep accessing the domain's resources after the domain has been invalidated.