OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

GHSA-5qpp-v56f-mqfm · CVE-2013-4294 · PYSEC-2013-42

Published May 17, 2022 · Modified Nov 26, 2024

Description

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4294
WEB https://access.redhat.com/errata/RHSA-2013:1285
WEB https://access.redhat.com/security/cve/CVE-2013-4294
WEB https://bugs.launchpad.net/keystone/+bug/1202952
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1004452
WEB https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
PACKAGE https://opendev.org/openstack/keystone
WEB http://rhn.redhat.com/errata/RHSA-2013-1285.html
WEB http://seclists.org/oss-sec/2013/q3/586
WEB http://www.ubuntu.com/usn/USN-2002-1

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes