Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0yMnE2LXd3cTctMmpqOc4AAe3p

OpenStack Keystone Improper Authentication vulnerability

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

Permalink: https://github.com/advisories/GHSA-22q6-wwq7-2jj9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yMnE2LXd3cTctMmpqOc4AAe3p
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago


Identifiers: GHSA-22q6-wwq7-2jj9, CVE-2013-1865
References: Repository: https://github.com/openstack/keystone

Affected Packages

pypi:keystone
Dependent packages: 3
Dependent repositories: 37
Downloads: 6,812 last month
Affected Version Ranges: >= 2012.2, < 2012.2.4
Fixed in: 2012.2.4
All affected versions:
All unaffected versions: 12.0.2, 12.0.3, 13.0.2, 13.0.3, 13.0.4, 14.0.0, 14.0.1, 14.1.0, 14.2.0, 15.0.0, 15.0.1, 16.0.0, 16.0.1, 16.0.2, 17.0.0, 17.0.1, 18.0.0, 18.1.0, 19.0.0, 19.0.1, 20.0.0, 20.0.1, 21.0.0, 21.0.1, 22.0.0, 22.0.1, 23.0.0, 23.0.1, 24.0.0