GHSA-mrxv-65rv-6hxq

Source

https://github.com/advisories/GHSA-mrxv-65rv-6hxq

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mrxv-65rv-6hxq/GHSA-mrxv-65rv-6hxq.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mrxv-65rv-6hxq

Aliases

CVE-2012-4413

Published

2022-05-17T01:42:10Z

Modified

2024-12-04T05:41:40.307230Z

Summary

OpenStack Keystone does not invalidate existing tokens when granting or revoking roles

Details

OpenStack Keystone before 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [],
    "github_reviewed_at": "2023-02-08T17:55:57Z",
    "nvd_published_at": "2012-09-18T17:55:00Z",
    "severity": "MODERATE"
}

References

Affected packages

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2012.1.3

Affected versions

12.*

12.0.2

12.0.3

13.*

13.0.2

13.0.3

13.0.4

14.*

14.0.0

14.0.1

14.1.0

14.2.0

15.*

15.0.0.0rc1

15.0.0.0rc2

15.0.0

15.0.1

16.*

16.0.0.0rc1

16.0.0.0rc2

16.0.0

16.0.1

16.0.2

17.*

17.0.0.0rc1

17.0.0.0rc2

17.0.0

17.0.1

18.*

18.0.0.0rc1

18.0.0

18.1.0

19.*

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.0.1

20.*

20.0.0.0rc1

20.0.0

20.0.1

21.*

21.0.0.0rc1

21.0.0

21.0.1

22.*

22.0.0.0rc1

22.0.0

22.0.1

22.0.2

23.*

23.0.0.0rc1

23.0.0

23.0.1

23.0.2

24.*

24.0.0.0rc1

24.0.0

25.*

25.0.0.0rc1

25.0.0

26.*

26.0.0.0rc1

26.0.0