CVE-2013-4294 – keystone
Package
Manager: pip
Name: keystone
Vulnerable Version: >=2012.2.0 <2013.1.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.008 (percentile: 0.73164)
Details
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via a revoked PKI token.
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
Metadata
Created: 2022-05-17T04:58:57Z
Modified: 2024-11-26T18:39:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5qpp-v56f-mqfm/GHSA-5qpp-v56f-mqfm.json
CWE IDs: []
Alternative ID: GHSA-5qpp-v56f-mqfm
Finding: F039
Auto approve: 1