GSA_kwCzR0hTQS01cXBwLXY1NmYtbXFmbc4AAe6w

Moderate CVSS: 6.9 EPSS: 0.008% (0.72899 Percentile) EPSS:

Permalink JSON

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

Affected Packages	Affected Versions	Fixed Versions
pypi:keystone	>= 2012.2.0, < 2013.1.4	2013.1.4
3 Dependent packages 37 Dependent repositories 23,114 Downloads last month Affected Version Ranges All affected versions All unaffected versions 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 22.0.2, 23.0.0, 23.0.1, 23.0.2, 24.0.0, 24.1.0, 25.0.0, 26.0.0, 27.0.0

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

References:

Identifiers

GHSA-5qpp-v56f-mqfm

CVE-2013-4294

Risk

Severity

Moderate

CVSS

CVSS Score: 6.9

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.008

EPSS Percentile: 0.72899

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

about 3 years ago

Updated

8 months ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories