CVE-2013-2104

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-2104
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

5.5 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html
http://rhn.redhat.com/errata/RHSA-2013-0944.html
http://www.openwall.com/lists/oss-security/2013/05/28/7
http://www.ubuntu.com/usn/USN-1851-1
http://www.ubuntu.com/usn/USN-1875-1
https://bugs.launchpad.net/python-keystoneclient/+bug/1179615
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
cpe:2.3:a:openstack:python-keystoneclient:0.2.2:*:*:*:*:*:*:*
History

13 Feb 2023, 04:42

Type Values Removed Values Added
Summary CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
References
  • {'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=965852', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=965852', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2013:0944', 'name': 'https://access.redhat.com/errata/RHSA-2013:0944', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/security/cve/CVE-2013-2104', 'name': 'https://access.redhat.com/security/cve/CVE-2013-2104', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 16:15

Type Values Removed Values Added
Summary python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires. CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation
References
  • (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=965852 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0944 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2013-2104 -
Information

Published : 2014-01-21 18:55

Updated : 2023-12-10 11:31

NVD link : CVE-2013-2104

Mitre link : CVE-2013-2104

CVE.ORG link : CVE-2013-2104

JSON object : View

Products Affected

openstack

  • python-keystoneclient
CWE
CWE-264

Permissions, Privileges, and Access Controls