CVE-2012-4413: OpenStack Keystone does not invalidate existing tokens when granting or revoking roles
(updated )
CVE-2012-4413 OpenStack-Keystone: role revocation token issues
References
- github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
- www.openwall.com/lists/oss-security/2012/09/12/7
- www.ubuntu.com/usn/USN-1564-1
- access.redhat.com/errata/RHSA-2012:1378
- access.redhat.com/security/cve/CVE-2012-4413
- bugs.launchpad.net/keystone/+bug/1041396
- bugzilla.redhat.com/show_bug.cgi?id=855491
- exchange.xforce.ibmcloud.com/vulnerabilities/78478
- github.com/advisories/GHSA-mrxv-65rv-6hxq
- nvd.nist.gov/vuln/detail/CVE-2012-4413
- review.opendev.org/c/openstack/keystone/+/12870/
- web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524
Detect and mitigate CVE-2012-4413 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →