OpenStack Keystone and Compute SSL Certificate Validation Flaw
CVE-2013-2255

5.9MEDIUM

Key Information:

Vendor: Openstack
Status: Keystone; Compute
Vendor: CVE Published:; 1 November 2019

What is CVE-2013-2255?

The OpenStack Keystone and Compute components from 2013 exhibit a critical vulnerability where HTTPS connections do not properly validate server-side SSL certificates. This lack of validation can allow attackers to perform man-in-the-middle attacks, leading to potential data interception and exposure. Users of affected OpenStack versions are advised to implement appropriate measures to secure their environments and ensure SSL certificate validation is enforced.

Affected Version(s)

Compute 2013.1

Keystone 2013

References

https://security-tracker.debian.org/tracker/CVE-2013-2255

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2255

x_refsource_MISC

https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2255

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2019
Vulnerability Reserved
Feb 19, 2013

Openstack

What is CVE-2013-2255?

Affected Version(s)

References

CVSS V3.1

Timeline