Lucene search

K
githubGitHub Advisory DatabaseGHSA-22Q6-WWQ7-2JJ9
HistoryMay 17, 2022 - 4:56 a.m.

OpenStack Keystone Improper Authentication vulnerability

2022-05-1704:56:52
CWE-287
GitHub Advisory Database
github.com
7

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

Affected configurations

Vulners
Node
github_advisory_databasekeystoneRange<2012.2.4
CPENameOperatorVersion
keystonelt2012.2.4

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.2%