Upstream information
Description
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.SUSE information
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
| National Vulnerability Database | |
|---|---|
| Base Score | 4 |
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
SUSE Security Advisories:
- SUSE-SU-2012:1206-1, published Tue Sep 18 07:08:41 MDT 2012
- SUSE-SU-2012:1352-1, published Tue Oct 16 15:08:27 MDT 2012
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE OpenStack Cloud 6 |
| Patchnames: SUSE OpenStack Cloud 6 GA openstack-keystone-8.0.2~a0~dev34-1.4 SUSE OpenStack Cloud 6 GA openstack-keystone-8.0.2~a0~dev8-1.2 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 08:45:21 2013CVE page last modified: Sat Jun 15 21:40:54 2024