Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2012-4413
Last Modified 19 Sep 2012 12:00:00
Published 18 Sep 2012 01:55:07
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4413

Summary

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

Vulnerable Systems

Application

  • OpenStack Keystone 2012.1.3


References

XF - keystone-roles-sec-bypass(78478)

UBUNTU - USN-1564-1

BID - 55524

MLIST - [oss-security] 20120912 [OSSA 2012-014] Revoking a role does not affect existing tokens (CVE-2012-4413)

SECUNIA - 50590

SECUNIA - 50531

OSVDB - 85484


Last Updated: 27 May 2016 11:00:44