CVE-2013-4294

Currently unrated

Key Information:

Vendor: Openstack
Status: Keystone
Vendor: CVE Published:; 23 September 2013

Summary

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

References

http://osvdb.org/97237

vdb-entryx_refsource_OSVDB

http://www.ubuntu.com/usn/USN-2002-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/54706

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Sep 23, 2013
Vulnerability Reserved
Jun 12, 2013