CVE-2013-4222
published 2013-09-30
medium 6.5 CVSS 3.1
AV:N/AC:L/Au:S/C:P/I:P/A:P
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | keystone | < keystone 2013.1.3-1 (bookworm) | keystone 2013.1.3-1 (bookworm) |
| fedoraproject | fedora | — | — |
| openstack | keystone | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | keystone | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | keystone | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | keystone | >= 0 < 2013.1.3-1 | 2013.1.3-1 |
| openstack | keystone | 2013.1 – 2013.1.3 | — |
| redhat | openstack | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | 6.5 | MEDIUM | — |