QwikSec

Security Database

CVE

CWE

Training

CVE-2013-2059

Published: May 21, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openSUSE-SU-2013:0949

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_OSVDB

FEDORA-2013-8048

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20130509 [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059)

mailing-list

x_refsource_MLIST

keystone-cve20132059-security-bypass(84135)

vdb-entry

x_refsource_XF

FEDORA-2013-8023

vendor-advisory

x_refsource_FEDORA

https://bugs.launchpad.net/keystone/+bug/1166670

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

[oss-security] 20130509 RE: [Openstack] [OSSA 2013-011] Keystone tokens not immediately invalidated when user is deleted (CVE-2013-2059)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.