CVE-2013-2059
published 2013-05-21CVE-2013-2059: OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when…
medium6CVSS 3.1
AVNACMAuSCPIPAP
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2013.1.1-2 (bookworm) | keystone 2013.1.1-2 (bookworm) |
| openstack | keystone | — | — |
| openstack | keystone | — | — |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
CVSS provenance
nvd6.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv6.0MEDIUM