CVE-2013-2059
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
Related bugs and status
CVE-2013-2059 (Candidate) is related to these bugs:
Bug #1166670: [OSSA 2013-011] Deleted user can still create instances
Bug | Summary | In | Importance | Status
---|---|---|---|---
1166670 | [OSSA 2013-011] Deleted user can still create instances | OpenStack Identity (keystone) | High | Fix Released
1166670 | [OSSA 2013-011] Deleted user can still create instances | OpenStack Identity (keystone) folsom | High | Fix Released
1166670 | [OSSA 2013-011] Deleted user can still create instances | OpenStack Identity (keystone) grizzly | High | Fix Released
1166670 | [OSSA 2013-011] Deleted user can still create instances | OpenStack Security Advisory | Undecided | Fix Released
1166670 | [OSSA 2013-011] Deleted user can still create instances | keystone (Ubuntu) | Undecided | Invalid
1166670 | [OSSA 2013-011] Deleted user can still create instances | keystone (Ubuntu Quantal) | Undecided | Fix Released
1166670 | [OSSA 2013-011] Deleted user can still create instances | keystone (Ubuntu Raring) | Undecided | Fix Released
Bug #1167421: Upgrading from folsom to grizzly results in all tenants/users being disabled
Bug | Summary | In | Importance | Status
---|---|---|---|---
1167421 | Upgrading from folsom to grizzly results in all tenants/users being disabled | OpenStack Identity (keystone) | High | Fix Released
1167421 | Upgrading from folsom to grizzly results in all tenants/users being disabled | OpenStack Identity (keystone) grizzly | High | Fix Released
1167421 | Upgrading from folsom to grizzly results in all tenants/users being disabled | keystone (Ubuntu) | Undecided | Fix Released
1167421 | Upgrading from folsom to grizzly results in all tenants/users being disabled | Ubuntu Cloud Archive | Undecided | Fix Released
Bug #1178416: Address CVE-2013-2059
Bug | Summary | In | Importance | Status
---|---|---|---|---
1178416 | Address CVE-2013-2059 | Cisco Openstack | Critical | Fix Released
1178416 | Address CVE-2013-2059 | Cisco Openstack folsom | Critical | Fix Committed
1178416 | Address CVE-2013-2059 | Cisco Openstack grizzly | Critical | Fix Released
Bug #1179626: Meta bug for tracking Openstack 2013.1.1 Stable Update
Bug #1179707: Meta bug for tracking OpenStack 2012.2.4 Stable Update
See the CVE page on Mitre.org for more details.