CVE-2013-0282 – keystone
Package
Manager: pip
Name: keystone
Vulnerable Version: >=0 <8.0.0a0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00467 (percentile: 0.63506)
Details
OpenStack Keystone allows context-dependent attackers to bypass access restrictions.
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
Metadata
Created: 2022-05-05T02:48:43Z
Modified: 2024-05-09T16:47:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8833-qrvm-wc3h/GHSA-8833-qrvm-wc3h.json
CWE IDs: ["CWE-287"]
Alternative ID: GHSA-8833-qrvm-wc3h
Finding: F039
Auto approve: 1