Launchpad.net

CVE 2013-4222

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

Related bugs and status

CVE-2013-4222 (Candidate) is related to these bugs:

Bug #1179955: Disabling a tenant would not disable a user token

		In	Importance	Status
1179955	Disabling a tenant would not disable a user token	OpenStack Identity (keystone)	High	Fix Released
1179955	Disabling a tenant would not disable a user token	OpenStack Security Notes	High	Fix Released
1179955	Disabling a tenant would not disable a user token	keystone (Gentoo Linux)	Low	Fix Released
1179955	Disabling a tenant would not disable a user token	OpenStack Identity (keystone) folsom	High	Fix Released
1179955	Disabling a tenant would not disable a user token	OpenStack Identity (keystone) grizzly	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-4222

Related bugs and status

Related bugs

References