Lucene search
Veracode Vulnerability DatabaseVERACODE:11415HistoryJan 15, 2019 - 9:01 a.m.
Improper Token Invalidation
2019-01-1509:01:39
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
EPSS
0.003
Percentile
68.5%
The openstack-keystone packages is vulnerable to improper token invalidation. It is possible because it does not revoke the tokens issued to a tenant upon disabling the tenant, leaving the tenant to access the resources supposed to be restricted.
References
lists.fedoraproject.org/pipermail/package-announce/2013-September/116489.html
rhn.redhat.com/errata/RHSA-2013-1524.html
www.ubuntu.com/usn/USN-2002-1
access.redhat.com/errata/RHSA-2013:1524
access.redhat.com/security/cve/CVE-2013-4222
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/ossn/+bug/1179955
bugzilla.redhat.com/show_bug.cgi?id=1012694
bugzilla.redhat.com/show_bug.cgi?id=995598
rhn.redhat.com/errata/RHSA-2013-1524.html
Related
debiancve
debiancve
CVE-2013-4222
2013-09-30 22:55:04
cvelist
cvelist
CVE-2013-4222
2013-09-30 20:00:00
cve
cve
CVE-2013-4222
2013-09-30 22:55:04
fedora
fedora
[SECURITY] Fedora 20 Update: openstack-keystone-2013.2-0.9.b3.fc20
2013-09-23 00:29:05
nessus
nessus
Fedora 20 : openstack-keystone-2013.2-0.9.b3.fc20 (2013-16551)
2013-09-23 00:00:00
Ubuntu 12.10 / 13.04 : keystone vulnerabilities (USN-2002-1)
2013-10-24 00:00:00
ubuntucve
ubuntucve
CVE-2013-4222
2013-09-30 00:00:00
prion
prion
Design/Logic Flaw
2013-09-30 22:55:00
redhat
redhat
(RHSA-2013:1524) Moderate: openstack-keystone security and bug fix update
2013-11-18 00:00:00
nvd
nvd
CVE-2013-4222
2013-09-30 22:55:04
openvas
openvas
Ubuntu Update for keystone USN-2002-1
2013-10-29 00:00:00
Ubuntu: Security Advisory (USN-2002-1)
2013-10-29 00:00:00
securityvulns
securityvulns
[USN-2002-1] Keystone vulnerabilities
2013-10-28 00:00:00
OpenStack multiple security vulnerabilities
2013-12-23 00:00:00
ubuntu
ubuntu
Keystone vulnerabilities
2013-10-23 00:00:00