5

CVE-2013-4294

EPSS 0.8%
Veröffentlicht 23.09.2013 20:55:07
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Keystone Version2012.2

Openstack ≫ Keystone Version2012.2.1

Openstack ≫ Keystone Version2012.2.2

Openstack ≫ Keystone Version2012.2.3

Openstack ≫ Keystone Version2012.2.4

Openstack ≫ Keystone Version2013.1

Openstack ≫ Keystone Version2013.1.1

Openstack ≫ Keystone Version2013.1.2

Openstack ≫ Keystone Version2013.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.8%	0.73

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://osvdb.org/97237

http://rhn.redhat.com/errata/RHSA-2013-1285.html

http://seclists.org/oss-sec/2013/q3/586

Patch

http://secunia.com/advisories/54706

http://www.ubuntu.com/usn/USN-2002-1

https://bugs.launchpad.net/keystone/+bug/1202952

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2013-4294

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4294

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4294

EUVD