OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Keystone |
Openstack |
2012.1.3 |
2012.1.3 |
References