GHSA-qh2x-hpf9-cf2g

Source

https://github.com/advisories/GHSA-qh2x-hpf9-cf2g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qh2x-hpf9-cf2g/GHSA-qh2x-hpf9-cf2g.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-qh2x-hpf9-cf2g

Aliases

CVE-2013-2255

Published

2022-05-05T00:28:57Z

Modified

2024-05-02T13:41:36.783156Z

Severity

5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

OpenStack Keystone and other components vulnerable to Improper Certificate Validation

Details

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

Database specific

{
    "nvd_published_at": "2019-11-01T19:15:00Z",
    "cwe_ids": [
        "CWE-295"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-02T13:26:09Z"
}

References

Affected packages

PyPI / python-keystoneclient

Package

Name: python-keystoneclient; View open source insights on deps.dev
Purl: pkg:pypi/python-keystoneclient

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.0

Affected versions

0.*

0.1.1

0.1.2

0.1.3

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.3.0

0.3.1

0.3.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qh2x-hpf9-cf2g/GHSA-qh2x-hpf9-cf2g.json"

PyPI / cinder

Package

Name: cinder; View open source insights on deps.dev
Purl: pkg:pypi/cinder

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.0a0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qh2x-hpf9-cf2g/GHSA-qh2x-hpf9-cf2g.json"

PyPI / neutron

Package

Name: neutron; View open source insights on deps.dev
Purl: pkg:pypi/neutron

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.0.0a0

Affected versions

0.*

0.0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qh2x-hpf9-cf2g/GHSA-qh2x-hpf9-cf2g.json"

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.0a0

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qh2x-hpf9-cf2g/GHSA-qh2x-hpf9-cf2g.json"