OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user
Moderate severity • GitHub Reviewed • Published May 17, 2022 to the GitHub Advisory Database • Updated Nov 26, 2024
Description
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
Published by the National Vulnerability Database: May 21, 2013
Published to the GitHub Advisory Database: May 17, 2022
Reviewed: May 14, 2024
Last updated: Nov 26, 2024
References