CVE-2012-4413 – keystone

Package

Manager: pip
Name: keystone
Vulnerable Version: >=0 <2012.1.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00428 pctl0.61634

Details

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

Metadata

Created: 2022-05-17T01:42:10Z
Modified: 2023-02-08T17:55:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mrxv-65rv-6hxq/GHSA-mrxv-65rv-6hxq.json
CWE IDs: []
Alternative ID: GHSA-mrxv-65rv-6hxq
Finding: F076
Auto approve: 1