CVE-2013-4294

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

Published: Sep 23, 2013
Updated: May 9, 2024
CVE: CVE-2013-4294
GHSA: GHSA-5qpp-v56f-mqfm
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
openstack / keystone	2013.1.3	2013.1.3.x
openstack / keystone	2012.2.4	2012.2.4.x
openstack / keystone	2013.1.1	2013.1.1.x
openstack / keystone	2013.1.2	2013.1.2.x
openstack / keystone	2012.2.2	2012.2.2.x
openstack / keystone	2012.2.1	2012.2.1.x
openstack / keystone	2012.2	2012.2.x
openstack / keystone	2013.1	2013.1.x
openstack / keystone	2012.2.3	2012.2.3.x
keystone	2012.2.0	2013.1.4

http://osvdb.org/97237
http://rhn.redhat.com/errata/RHSA-2013-1285.html
http://seclists.org/oss-sec/2013/q3/586
http://secunia.com/advisories/54706
http://www.ubuntu.com/usn/USN-2002-1
https://access.redhat.com/errata/RHSA-2013:1285
https://access.redhat.com/security/cve/CVE-2013-4294
https://bugs.launchpad.net/keystone/+bug/1202952
https://bugzilla.redhat.com/show_bug.cgi?id=1004452

Vulnerability Database

289,599

CVE-2013-4294