GoogleOSV:GHSA-22Q6-WWQ7-2JJ9OpenStack Keystone Improper Authentication vulnerability
6.8 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.0%
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
References
github.com/openstack/keystone/commit/255b1d43500f5d98ec73a0056525b492b14fec05
lists.fedoraproject.org/pipermail/package-announce/2013-April/101719.html
lists.opensuse.org/opensuse-updates/2013-04/msg00000.html
rhn.redhat.com/errata/RHSA-2013-0708.html
www.openwall.com/lists/oss-security/2013/03/20/13
www.ubuntu.com/usn/USN-1772-1
access.redhat.com/errata/RHSA-2013:0708
access.redhat.com/security/cve/CVE-2013-1865
bugs.launchpad.net/keystone/+bug/1129713
bugzilla.redhat.com/show_bug.cgi?id=922230
nvd.nist.gov/vuln/detail/CVE-2013-1865
opendev.org/openstack/keystone
review.openstack.org/#/c/24906
review.openstack.org/24906
web.archive.org/web/20170715155558/www.securityfocus.com/bid/58616
Related
6.8 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.0%