CVE-2013-2059

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-2059 at MITRE

Description

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

NVD CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

SUSE information

SUSE Bugzilla entries: 818596, 819353

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Cloud 1.0
  • openstack-keystone >= 2012.1+git.1361360075.f48dd0f-0.5.1
  • openstack-keystone-doc >= 2012.1+git.1361360075.f48dd0f-0.5.1
  • python-keystone >= 2012.1+git.1361360075.f48dd0f-0.5.1
Builds
SAT Patch Nr: 7863
openSUSE 12.3
  • openstack-keystone >= 2012.2.4+git.1363796849.255b1d4-3.12.1
  • openstack-keystone-doc >= 2012.2.4+git.1363796849.255b1d4-3.12.1
  • openstack-keystone-test >= 2012.2.4+git.1363796849.255b1d4-3.12.1
  • python-keystone >= 2012.2.4+git.1363796849.255b1d4-3.12.1
Patchnames:
openSUSE-2013-434