Lucene search
Ubuntu.comUB:CVE-2013-1865HistoryMar 20, 2013 - 12:00 a.m.
CVE-2013-1865
2013-03-2000:00:00
ubuntu.com
ubuntu.com
9
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.0%
OpenStack Keystone Folsom (2012.2) does not properly perform revocation
checks for Keystone PKI tokens when done through a server, which allows
remote attackers to bypass intended access restrictions via a revoked PKI
token.
Bugs
Notes
| Author | Note |
|---|---|
| jdstrand | Keystone on 11.10 is a pre-release version and unusable with other components such as nova and horizon requires non-standard configuration (ie, using PKI tokens instead of UUID) per upstream, grizzly is not affected Essex does not support PKI tokens and is therefore not affected |
Related
nessus
nessus
Fedora 18 : openstack-keystone-2012.2.3-5.fc18 (2013-4590)
2013-04-09 00:00:00
openSUSE Security Update : openstack-keystone (openSUSE-SU-2013:0565-1)
2014-06-13 00:00:00
Ubuntu 12.10 : keystone vulnerability (USN-1772-1)
2013-03-21 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerability
2013-03-20 00:00:00
securityvulns
securityvulns
[USN-1772-1] OpenStack Keystone vulnerability
2013-03-24 00:00:00
OpenStack security vulnerabilities
2013-03-24 00:00:00
osv
osv
OpenStack Keystone Improper Authentication vulnerability
2022-05-17 04:56:52
openvas
openvas
Ubuntu Update for keystone USN-1772-1
2013-03-22 00:00:00
Ubuntu: Security Advisory (USN-1772-1)
2013-03-22 00:00:00
Fedora Update for openstack-keystone FEDORA-2013-4590
2013-04-15 00:00:00
cve
cve
CVE-2013-1865
2013-03-22 21:55:00
debiancve
debiancve
CVE-2013-1865
2013-03-22 21:55:00
prion
prion
Design/Logic Flaw
2013-03-22 21:55:00
github
github
OpenStack Keystone Improper Authentication vulnerability
2022-05-17 04:56:52
redhat
redhat
(RHSA-2013:0708) Moderate: openstack-keystone security and bug fix update
2013-04-04 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 04:54:31
fedora
fedora
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.3-5.fc18
2013-04-08 22:52:02
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-3.fc18
2013-05-22 01:29:47
[SECURITY] Fedora 18 Update: openstack-keystone-2012.2.4-5.fc18
2013-08-09 17:01:37
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.018 Low
EPSS
Percentile
88.0%
Related for UB:CVE-2013-1865