CVE-2012-4413
EPSS 0.43%OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
發布日:2022/5/17修改日:2026/4/28
也稱為:DEBIAN-CVE-2012-4413
描述
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
受影響套件(2)
- Debian/keystonefrom 0, < 2012.1.1-6
- PyPI/keystonefrom 0, < 2012.1.3
參考連結(13)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-4413
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2012-4413
- PATCHhttps://opendev.org/openstack/keystone
- WEBhttp://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
- WEBhttps://access.redhat.com/errata/RHSA-2012:1378
- WEBhttps://access.redhat.com/security/cve/CVE-2012-4413
- WEBhttps://bugs.launchpad.net/keystone/+bug/1041396
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=855491
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78478
- WEBhttps://review.opendev.org/c/openstack/keystone/+/12870
- WEBhttps://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
- WEBhttp://www.openwall.com/lists/oss-security/2012/09/12/7
- WEBhttp://www.ubuntu.com/usn/USN-1564-1