PT-2013-4941 · Openstack · Openstack Identity

Kieran Spear

Publicado

2013-09-23

Atualizado

2023-02-13

CVE-2013-4294

CVSS v4.0

6.9

Média

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions OpenStack Identity (Keystone) versions 2012.2.x through 2013.1.3 OpenStack Identity (Keystone) version 2013.1.4 is not affected, so the range is limited to before this version.

Description The issue concerns the mamcache and KVS token backends in OpenStack Identity (Keystone) which do not properly compare the PKI token revocation list with PKI tokens. This allows remote attackers to bypass intended access restrictions via a revoked PKI token.

Recommendations For OpenStack Identity (Keystone) versions 2012.2.x through 2013.1.3, update to version 2013.1.4 or later to resolve the issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2013-4294

GHSA-5QPP-V56F-MQFM

PYSEC-2013-42

RHSA-2013:1285

Produtos afetados

Openstack Identity

PT-2013-4941 · Openstack · Openstack Identity

CVE-2013-4294

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17