CVE-2013-2059
Published: 9 May 2013
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
Notes
Author | Note |
---|---|
jdstrand | upstream states Essex is affected |
Priority
Status
Package | Release | Status |
---|---|---|
keystone Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Released
(2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1)
|
|
quantal |
Released
(2012.2.3+stable-20130206-82c87e56-0ubuntu2.1)
|
|
raring |
Released
(1:2013.1-0ubuntu1.1)
|
|
upstream |
Pending
|