CVE-2013-4294
MEDIUM 5.3 | EPSS 0.80%
OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token
Published: 2022/5/17 | Modified: 2026/4/28
Description
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
Affected packages (3)
- Debian/keystone from 0, < 2013.1.3-2
- PyPI/keystone >= 2012.2.0, < 2013.1.4
- PyPI/keystone >= 2012.2.0, < 2013.1.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
References (13)
- ADVISORY http://secunia.com/advisories/54706
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4294
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2013-4294
- PATCH https://opendev.org/openstack/keystone
- WEB http://osvdb.org/97237
- WEB http://rhn.redhat.com/errata/RHSA-2013-1285.html
- WEB https://access.redhat.com/errata/RHSA-2013:1285
- WEB https://access.redhat.com/security/cve/CVE-2013-4294
- WEB https://bugs.launchpad.net/keystone/+bug/1202952
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1004452
- WEB http://seclists.org/oss-sec/2013/q3/586
- WEB https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
- WEB http://www.ubuntu.com/usn/USN-2002-1