CVE-2013-4294
OpenStack Keystone 2012.2.x and < 2013.1.4 - Unauthenticated Access Restriction Bypass via Revoked PKI Token
Title source: llmDescription
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
References (6)
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2013-1285.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/97237
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2002-1
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/54706
Patch (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2013/q3/586
Vendor Advisory (x_refsource_confirm): https://bugs.launchpad.net/keystone/+bug/1202952
Scores
EPSS
0.0080
EPSS Percentile
74.3%
Details
CWE
CWE-264
Status
published
Products (10)
openstack/keystone 2012.2
openstack/keystone 2012.2.1
openstack/keystone 2012.2.2
openstack/keystone 2012.2.3
openstack/keystone 2012.2.4
openstack/keystone 2013.1
openstack/keystone 2013.1.1
openstack/keystone 2013.1.2
openstack/keystone 2013.1.3
pypi/keystone 2012.2.0 - 2013.1.4 (PyPI)
Published
Sep 23, 2013
Tracked Since
Feb 18, 2026