PYSEC-2013-42

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2013-42.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2013-42

Aliases

CVE-2013-4294
GHSA-5qpp-v56f-mqfm

Published

2013-09-23T20:55:00Z

Modified

2024-11-25T22:42:11.905985Z

Summary

[none]

Details

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

References

https://bugs.launchpad.net/keystone/+bug/1202952
http://osvdb.org/97237
http://seclists.org/oss-sec/2013/q3/586
http://rhn.redhat.com/errata/RHSA-2013-1285.html
http://secunia.com/advisories/54706
http://www.ubuntu.com/usn/USN-2002-1

Affected packages

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2012.2.0

Fixed

2013.1.4