CVE 2012-4413
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Related bugs and status
CVE-2012-4413 (Candidate) is related to these bugs:
Bug #1041396: [OSSA 2012-014] Token validation includes revoked roles (CVE-2012-4413)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1041396 | [OSSA 2012-014] Token validation includes revoked roles (CVE-2012-4413) | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1041396 | [OSSA 2012-014] Token validation includes revoked roles (CVE-2012-4413) | OpenStack Identity (keystone) essex | Critical | Fix Released | ||
| 1041396 | [OSSA 2012-014] Token validation includes revoked roles (CVE-2012-4413) | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1041396 | [OSSA 2012-014] Token validation includes revoked roles (CVE-2012-4413) | OpenStack Security Advisory | Undecided | Fix Released | ||
Bug #1046905: Memcached Token Backend does not support list tokens
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1046905 | Memcached Token Backend does not support list tokens | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1046905 | Memcached Token Backend does not support list tokens | OpenStack Identity (keystone) essex | Critical | Fix Released | ||
| 1046905 | Memcached Token Backend does not support list tokens | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1046905 | Memcached Token Backend does not support list tokens | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1050025: Token invalidation in case of role grant/revoke should be limited to affected tenant
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | OpenStack Identity (keystone) | Medium | Fix Released | ||
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | OpenStack Identity (keystone) essex | Medium | Fix Released | ||
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1050025 | Token invalidation in case of role grant/revoke should be limited to affected tenant | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1056373: memcache driver needs protection against unicode user keys
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1056373 | memcache driver needs protection against unicode user keys | OpenStack Identity (keystone) | Critical | Fix Released | ||
| 1056373 | memcache driver needs protection against unicode user keys | OpenStack Identity (keystone) essex | Critical | Fix Released | ||
| 1056373 | memcache driver needs protection against unicode user keys | keystone (Ubuntu) | Undecided | Fix Released | ||
| 1056373 | memcache driver needs protection against unicode user keys | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1089488: Meta bug for tracking Openstack Stable Updates
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu) | Undecided | Invalid | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | horizon (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | keystone (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | nova (Ubuntu Precise) | Undecided | Fix Released | ||
| 1089488 | Meta bug for tracking Openstack Stable Updates | glance (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
