CVE-2012-4413 Information
Feb 14, 2021
Description
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Reference
http://osvdb.org/85484
http://secunia.com/advisories/50531
http://secunia.com/advisories/50590
http://www.openwall.com/lists/oss-security/2012/09/12/7
http://www.securityfocus.com/bid/55524
http://www.ubuntu.com/usn/USN-1564-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/78478