CVE-2012-4413

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2012-4413

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2012-4413.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2012-4413

Aliases

GHSA-mrxv-65rv-6hxq

Published

2012-09-18T17:55:07Z

Modified

2025-04-11T00:51:21Z

Downstream

RHSA-2012:1378

Summary

[none]

Details

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

References

Affected packages

Debian:11 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.1-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}