The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
References
Configurations
Configuration 1 (hide)
|
History
13 Feb 2023, 04:46
Type | Values Removed | Values Added |
---|---|---|
Summary | The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token. | |
References |
|
02 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2013-4294 OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends | |
References |
|
Information
Published : 2013-09-23 20:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-4294
Mitre link : CVE-2013-4294
CVE.ORG link : CVE-2013-4294
JSON object : View
Products Affected
openstack
- keystone
CWE
CWE-264
Permissions, Privileges, and Access Controls