CVE-2013-1865

Openstack Folsom < 2012.2.4 - Authentication Bypass

Title source: rule

Description

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

References (10)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0708.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2013-04/msg00000.html

[Third Party Advisory, VDB Entry] http://osvdb.org/91532

[Vendor Advisory] http://secunia.com/advisories/52657

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/58616

[Vendor Advisory] http://www.ubuntu.com/usn/USN-1772-1

[Issue Tracking] https://bugs.launchpad.net/keystone/+bug/1129713

[Various Sources] https://review.openstack.org/#/c/24906/

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html

[Mailing List] http://www.openwall.com/lists/oss-security/2013/03/20/13

Scores

EPSS 0.0116

EPSS Percentile 78.4%

Classification

CWE

CWE-287

Status draft

Affected Products (3)

openstack/folsom

canonical/ubuntu_linux

pypi/keystone < 2012.2.4PyPI

Timeline

Published Mar 22, 2013

Tracked Since Feb 18, 2026