Vulnerability Description
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenStack | Keystone | 2012.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/97237
- http://rhn.redhat.com/errata/RHSA-2013-1285.html
- http://seclists.org/oss-sec/2013/q3/586 (Patch)
- http://secunia.com/advisories/54706
- http://www.ubuntu.com/usn/USN-2002-1
- https://bugs.launchpad.net/keystone/+bug/1202952 (Vendor Advisory)
FAQ
What is CVE-2013-4294?
CVE-2013-4294 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which al...
How severe is CVE-2013-4294?
CVE-2013-4294 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-4294?
Check the references section above for vendor advisories and patch information. Affected products include: OpenStack Keystone.