|
|
Subscribe / Log in / New account

keystone: incorrect token revocation

Package(s):keystone CVE #(s):CVE-2013-4222
Created:October 24, 2013 Updated:November 19, 2013
Description: From the CVE entry:

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

Alerts:
Red Hat RHSA-2013:1524-01 openstack-keystone 2013-11-18
Ubuntu USN-2002-1 keystone 2013-10-23
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds