Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2012-4413

OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.

Published: Sep 18, 2012
Updated: Nov 9, 2025
CVE: CVE-2012-4413
GHSA: GHSA-mrxv-65rv-6hxq
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / keystone	2012.1.3	2012.1.3.x
keystone	-	2012.1.3

http://github.com/openstack/keystone/commit/58ac6691a21675be9e2ffb0f84a05fc3cd4d2e2e
http://osvdb.org/85484
http://secunia.com/advisories/50531
http://secunia.com/advisories/50590
http://www.openwall.com/lists/oss-security/2012/09/12/7
http://www.securityfocus.com/bid/55524
http://www.ubuntu.com/usn/USN-1564-1
https://access.redhat.com/errata/RHSA-2012:1378
https://access.redhat.com/security/cve/CVE-2012-4413
https://bugs.launchpad.net/keystone/+bug/1041396
https://bugzilla.redhat.com/show_bug.cgi?id=855491
https://exchange.xforce.ibmcloud.com/vulnerabilities/78478
https://review.opendev.org/c/openstack/keystone/+/12870/
https://web.archive.org/web/20121114023848/http://www.securityfocus.com/bid/55524

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo