CVE-2013-4294

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2013-4294

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-4294.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2013-4294

Aliases

Related

RHSA-2013:1285

Published

2013-09-23T20:55:07Z

Modified

2024-11-25T22:42:20.856123Z

Summary

[none]

Details

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

References

Affected packages

Debian:11 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.1.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.1.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2013.1.3-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}