OpenStack Keystone 2012.1

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:openstack:keystone:2012.1:*:*:*:*:*:*:*

part: a version: 2012.1 update: *

VendorOpenstack (7b0cf974-b2b5-592e-bdf4-6953805ef02a)
ProductKeystone (54be5cb9-7f0d-5cc5-bfca-6220fcd705e3)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:deb/debian/keystone purl2cpe 2026-06-01 10:17:03.365945
pkg:deb/ubuntu/keystone purl2cpe 2026-06-01 10:17:03.365946
pkg:github/openstack/keystone purl2cpe 2026-06-01 10:17:03.365948
pkg:pypi/keystone purl2cpe 2026-06-01 10:17:03.365949

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2013-2059 vulnerable 2026-06-03 14:32:53.528114 Details available
OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.
Published: 2013-05-21T18:00:00.000Z
Updated: 2024-08-06T15:20:37.497Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-3426 vulnerable 2026-06-03 14:31:58.288017 Details available
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by (1) creating new tokens through token chaining, (2) leveraging possession of a token for a disabled user account, or (3) leveraging possession of a token for an account with a changed password.
Published: 2012-07-31T10:00:00.000Z
Updated: 2024-08-06T20:05:12.524Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.