CVE-2013-4222
OpenStack Keystone < 2013.1.3 - Insufficiently Protected Credentials
Title source: llmDescription
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1524.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2002-1
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116489.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/ossn/+bug/1179955
Scores
EPSS
0.0058
EPSS Percentile
69.1%
Details
CWE
CWE-522
Status
published
Products (5)
canonical/ubuntu_linux
12.10
canonical/ubuntu_linux
13.04
fedoraproject/fedora
20
openstack/keystone
2013.1 - 2013.1.3
redhat/openstack
3.0
Published
Sep 30, 2013
Tracked Since
Feb 18, 2026