Description
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
- SUSE-SU-2012:1206-1, published Tue Sep 18 07:08:41 MDT 2012
- SUSE-SU-2012:1352-1, published Tue Oct 16 15:08:27 MDT 2012
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE OpenStack Cloud 6|| |