Description
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE, as it does not affect the SUSE Enterprise products.
|National Vulnerability Database|
SUSE Security Advisories:
- SUSE-SU-2012:1206-1, published Tue Sep 18 07:08:41 MDT 2012
- SUSE-SU-2012:1352-1, published Tue Oct 16 15:08:27 MDT 2012
List of released packages
|Product(s)|Fixed package version(s)|References|
|---|---|---|
|SUSE OpenStack Cloud 6| |Patchnames: SUSE OpenStack Cloud 6 GA openstack-keystone-8.0.2~a0~dev34-1.4, SUSE OpenStack Cloud 6 GA openstack-keystone-8.0.2~a0~dev8-1.2|
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 08:45:21 2013
CVE page last modified: Mon Feb 13 11:38:56 2023