Ubuntu Security Notice 1564-1 - Dolph Mathews discovered that when roles are granted and revoked to users in Keystone, pre-existing tokens were not updated or invalidated to take the new roles into account. An attacker could use this to continue to access resources that have been revoked.
a0585a27790aa493dcd3b0422e1b3b22791dccdfb16386176e89ac47dfb086ff