Vulnerability Details CVE-2012-4413
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.4%
CVSS Severity
CVSS v2 Score 4.0
References
- http://osvdb.org/85484
- http://secunia.com/advisories/50531
- http://secunia.com/advisories/50590
- http://www.openwall.com/lists/oss-security/2012/09/12/7
- http://www.securityfocus.com/bid/55524
- http://www.ubuntu.com/usn/USN-1564-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
- http://osvdb.org/85484
- http://secunia.com/advisories/50531
- http://secunia.com/advisories/50590
- http://www.openwall.com/lists/oss-security/2012/09/12/7
- http://www.securityfocus.com/bid/55524
- http://www.ubuntu.com/usn/USN-1564-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78478