CVE-2013-1865

Currently unrated

Key Information:

Vendor: Openstack
Status: Folsom
Vendor: CVE Published:; 22 March 2013

Summary

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

References

http://www.openwall.com/lists/oss-security/2013/03/20/13

mailing-listx_refsource_MLIST

http://secunia.com/advisories/52657

third-party-advisoryx_refsource_SECUNIA

http://lists.opensuse.org/opensuse-updates/2013-04/msg000...

vendor-advisoryx_refsource_SUSE

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 22, 2013
Vulnerability Reserved
Feb 19, 2013