CVE-2013-4222

Severity

65%

Complexity

80%

Confidentiality

106%

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 11 years ago

2013-09-30 22:55:00

Last updated 11 years ago

2013-12-08 06:00:00

Affected Software

OpenStack Keystone 2012.1

2012.1

OpenStack Keystone

References

FEDORA-2013-16551

RHSA-2013:1524

USN-2002-1

https://bugs.launchpad.net/ossn/+bug/1179955

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.