cvelistv5 - cve-2013-4294

CVE-2013-4294 (GCVE-0-2013-4294)

Vulnerability from cvelistv5 – Published: 2013-09-23 20:00 – Updated: 2024-08-06 16:38

Summary

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://osvdb.org/97237	vdb-entryx_refsource_OSVDB
	http://www.ubuntu.com/usn/USN-2002-1	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/54706	third-party-advisoryx_refsource_SECUNIA
	http://seclists.org/oss-sec/2013/q3/586	mailing-listx_refsource_MLIST
	https://bugs.launchpad.net/keystone/+bug/1202952	x_refsource_CONFIRM
	http://rhn.redhat.com/errata/RHSA-2013-1285.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:38:01.910Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "97237",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/97237"
          },
          {
            "name": "USN-2002-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2002-1"
          },
          {
            "name": "54706",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/54706"
          },
          {
            "name": "[oss-security] 20130911  [OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2013/q3/586"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
          },
          {
            "name": "RHSA-2013:1285",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-09-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-02T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "97237",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/97237"
        },
        {
          "name": "USN-2002-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2002-1"
        },
        {
          "name": "54706",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/54706"
        },
        {
          "name": "[oss-security] 20130911  [OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2013/q3/586"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
        },
        {
          "name": "RHSA-2013:1285",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-4294",
    "datePublished": "2013-09-23T20:00:00",
    "dateReserved": "2013-06-12T00:00:00",
    "dateUpdated": "2024-08-06T16:38:01.910Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22E8C9F6-6DEE-4DD1-9B3E-5879E51464B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2012.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C26C7AF-F31B-48B4-8FA0-FBA24E86D641\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2012.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"792412B1-891F-404E-BC7F-1FA1DF4A623B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2012.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4481B437-5602-4EC9-BAD2-7EF065448E69\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2012.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A5845BE-3B3F-4015-872A-C4D2771736F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70697FA3-5C64-4632-B0F5-7DF12B4B7067\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F72F13BC-BE73-4DCD-8C7F-7D803CB047FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BFF04D50-069F-493B-8667-C55EA6413AD3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0911BBF3-6111-4ED8-B269-EB4383C5DC05\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.\"}, {\"lang\": \"es\", \"value\": \"El (1) mamcache y (2) KVS token backends en OpenStack Identity (Keystone) Folsom 2012.2.x y Grizzly anterior a la versi\\u00f3n 2013.1.4 no compara correctamente la lista de revocaci\\u00f3n del token PKI con tokens PKI, lo que permite a atacantes remotos evitar restricciones de acceso a trav\\u00e9s de un token PKI revocado.\"}]",
      "id": "CVE-2013-4294",
      "lastModified": "2024-11-21T01:55:17.800",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-09-23T20:55:07.323",
      "references": "[{\"url\": \"http://osvdb.org/97237\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1285.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q3/586\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/54706\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2002-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugs.launchpad.net/keystone/+bug/1202952\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/97237\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2013-1285.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q3/586\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://secunia.com/advisories/54706\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2002-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/keystone/+bug/1202952\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4294\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-09-23T20:55:07.323\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.\"},{\"lang\":\"es\",\"value\":\"El (1) mamcache y (2) KVS token backends en OpenStack Identity (Keystone) Folsom 2012.2.x y Grizzly anterior a la versi\u00f3n 2013.1.4 no compara correctamente la lista de revocaci\u00f3n del token PKI con tokens PKI, lo que permite a atacantes remotos evitar restricciones de acceso a trav\u00e9s de un token PKI revocado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22E8C9F6-6DEE-4DD1-9B3E-5879E51464B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2012.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C26C7AF-F31B-48B4-8FA0-FBA24E86D641\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2012.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"792412B1-891F-404E-BC7F-1FA1DF4A623B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2012.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4481B437-5602-4EC9-BAD2-7EF065448E69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2012.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5845BE-3B3F-4015-872A-C4D2771736F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70697FA3-5C64-4632-B0F5-7DF12B4B7067\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F72F13BC-BE73-4DCD-8C7F-7D803CB047FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFF04D50-069F-493B-8667-C55EA6413AD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0911BBF3-6111-4ED8-B269-EB4383C5DC05\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/97237\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1285.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/oss-sec/2013/q3/586\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/54706\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2002-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugs.launchpad.net/keystone/+bug/1202952\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/97237\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2013-1285.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/oss-sec/2013/q3/586\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://secunia.com/advisories/54706\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2002-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/keystone/+bug/1202952\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GSD-2013-4294

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-4294

Aliases

CVE-2013-4294

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4294",
    "description": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.",
    "id": "GSD-2013-4294",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4294.html",
      "https://access.redhat.com/errata/RHSA-2013:1285"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4294"
      ],
      "details": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.",
      "id": "GSD-2013-4294",
      "modified": "2023-12-13T01:22:15.876750Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-4294",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.ubuntu.com/usn/USN-2002-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-2002-1"
          },
          {
            "name": "http://osvdb.org/97237",
            "refsource": "MISC",
            "url": "http://osvdb.org/97237"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2013-1285.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
          },
          {
            "name": "http://seclists.org/oss-sec/2013/q3/586",
            "refsource": "MISC",
            "url": "http://seclists.org/oss-sec/2013/q3/586"
          },
          {
            "name": "http://secunia.com/advisories/54706",
            "refsource": "MISC",
            "url": "http://secunia.com/advisories/54706"
          },
          {
            "name": "https://bugs.launchpad.net/keystone/+bug/1202952",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=2012.2.0,\u003c2013.1.4",
          "affected_versions": "All versions starting from 2012.2.0 before 2013.1.4",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-264",
            "CWE-937"
          ],
          "date": "2023-02-08",
          "description": "CVE-2013-4294 OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends",
          "fixed_versions": [
            "2013.1.4"
          ],
          "identifier": "CVE-2013-4294",
          "identifiers": [
            "GHSA-5qpp-v56f-mqfm",
            "CVE-2013-4294"
          ],
          "not_impacted": "All versions before 2012.2.0, all versions starting from 2013.1.4",
          "package_slug": "pypi/keystone",
          "pubdate": "2022-05-17",
          "solution": "Upgrade to version 2013.1.4 or above.",
          "title": "OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2013-4294",
            "https://bugs.launchpad.net/keystone/+bug/1202952",
            "http://osvdb.org/97237",
            "http://rhn.redhat.com/errata/RHSA-2013-1285.html",
            "http://seclists.org/oss-sec/2013/q3/586",
            "http://www.ubuntu.com/usn/USN-2002-1",
            "https://access.redhat.com/errata/RHSA-2013:1285",
            "https://access.redhat.com/security/cve/CVE-2013-4294",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1004452",
            "https://github.com/advisories/GHSA-5qpp-v56f-mqfm"
          ],
          "uuid": "331e3080-fdd7-4c34-ad9f-c0df32373880"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openstack:keystone:2012.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-4294"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.launchpad.net/keystone/+bug/1202952",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
            },
            {
              "name": "97237",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/97237"
            },
            {
              "name": "[oss-security] 20130911  [OSSA 2013-025] Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294)",
              "refsource": "MLIST",
              "tags": [
                "Patch"
              ],
              "url": "http://seclists.org/oss-sec/2013/q3/586"
            },
            {
              "name": "RHSA-2013:1285",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
            },
            {
              "name": "54706",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/54706"
            },
            {
              "name": "USN-2002-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2002-1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-02-13T04:46Z",
      "publishedDate": "2013-09-23T20:55Z"
    }
  }
}

RHSA-2013_1285

Vulnerability from csaf_redhat - Published: 2013-09-25 16:12 - Updated: 2024-11-22 07:04

Summary

Red Hat Security Advisory: openstack-keystone security update

Notes

Topic

Updated openstack-keystone packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Details

The openstack-keystone packages provide Keystone, a Python implementation of the OpenStack identity service API, which provides Identity, Token, Catalog, and Policy services. It was found that Keystone did not correctly handle revoked PKI tokens, allowing users with revoked tokens to retain access to resources they should no longer be able to access. This issue only affected systems using PKI tokens with the memcache or KVS token back ends. (CVE-2013-4294) Red Hat would like to thank Thierry Carrez of OpenStack upstream for reporting this issue. Upstream acknowledges Kieran Spear of University of Melbourne as the original reporter. All users of openstack-keystone are advised to upgrade to these updated packages, which correct these issues. After installing the updated packages, the Keystone service (openstack-keystone) will be restarted automatically.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openstack-keystone packages that fix one security issue are now\navailable for Red Hat OpenStack 3.0.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The openstack-keystone packages provide Keystone, a Python implementation\nof the OpenStack identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nIt was found that Keystone did not correctly handle revoked PKI tokens,\nallowing users with revoked tokens to retain access to resources they\nshould no longer be able to access. This issue only affected systems using\nPKI tokens with the memcache or KVS token back ends. (CVE-2013-4294)\n\nRed Hat would like to thank Thierry Carrez of OpenStack upstream for\nreporting this issue. Upstream acknowledges Kieran Spear of University of\nMelbourne as the original reporter.\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which correct these issues. After installing the updated\npackages, the Keystone service (openstack-keystone) will be restarted\nautomatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:1285",
        "url": "https://access.redhat.com/errata/RHSA-2013:1285"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1004452",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1285.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-keystone security update",
    "tracking": {
      "current_release_date": "2024-11-22T07:04:59+00:00",
      "generator": {
        "date": "2024-11-22T07:04:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2013:1285",
      "initial_release_date": "2013-09-25T16:12:00+00:00",
      "revision_history": [
        {
          "date": "2013-09-25T16:12:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-09-25T16:16:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T07:04:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 3.0",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 3.0",
                  "product_id": "6Server-Grizzly",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:3::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
                "product": {
                  "name": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_id": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2013.1.3-2.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-keystone-0:2013.1.3-2.el6ost.noarch",
                "product": {
                  "name": "python-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_id": "python-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-keystone@2013.1.3-2.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
                "product": {
                  "name": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
                  "product_id": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone-doc@2013.1.3-2.el6ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2013.1.3-2.el6ost.src",
                "product": {
                  "name": "openstack-keystone-0:2013.1.3-2.el6ost.src",
                  "product_id": "openstack-keystone-0:2013.1.3-2.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2013.1.3-2.el6ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2013.1.3-2.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch"
        },
        "product_reference": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
        "relates_to_product_reference": "6Server-Grizzly"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2013.1.3-2.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src"
        },
        "product_reference": "openstack-keystone-0:2013.1.3-2.el6ost.src",
        "relates_to_product_reference": "6Server-Grizzly"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch"
        },
        "product_reference": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
        "relates_to_product_reference": "6Server-Grizzly"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-0:2013.1.3-2.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
        },
        "product_reference": "python-keystone-0:2013.1.3-2.el6ost.noarch",
        "relates_to_product_reference": "6Server-Grizzly"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Thierry Carrez"
          ],
          "organization": "OpenStack upstream"
        },
        {
          "names": [
            "Kieran Spear"
          ],
          "organization": "University of Melbourne",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2013-4294",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2013-09-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1004452"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch",
          "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src",
          "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
          "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4294"
        },
        {
          "category": "external",
          "summary": "RHBZ#1004452",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4294"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294"
        }
      ],
      "release_date": "2013-09-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-09-25T16:12:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src",
            "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1285"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src",
            "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends"
    }
  ]
}

RHSA-2013:1285

Vulnerability from csaf_redhat - Published: 2013-09-25 16:12 - Updated: 2025-11-21 17:45

Summary

Red Hat Security Advisory: openstack-keystone security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated openstack-keystone packages that fix one security issue are now\navailable for Red Hat OpenStack 3.0.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available from the CVE link in\nthe References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The openstack-keystone packages provide Keystone, a Python implementation\nof the OpenStack identity service API, which provides Identity, Token,\nCatalog, and Policy services.\n\nIt was found that Keystone did not correctly handle revoked PKI tokens,\nallowing users with revoked tokens to retain access to resources they\nshould no longer be able to access. This issue only affected systems using\nPKI tokens with the memcache or KVS token back ends. (CVE-2013-4294)\n\nRed Hat would like to thank Thierry Carrez of OpenStack upstream for\nreporting this issue. Upstream acknowledges Kieran Spear of University of\nMelbourne as the original reporter.\n\nAll users of openstack-keystone are advised to upgrade to these updated\npackages, which correct these issues. After installing the updated\npackages, the Keystone service (openstack-keystone) will be restarted\nautomatically.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2013:1285",
        "url": "https://access.redhat.com/errata/RHSA-2013:1285"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1004452",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_1285.json"
      }
    ],
    "title": "Red Hat Security Advisory: openstack-keystone security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:45:27+00:00",
      "generator": {
        "date": "2025-11-21T17:45:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2013:1285",
      "initial_release_date": "2013-09-25T16:12:00+00:00",
      "revision_history": [
        {
          "date": "2013-09-25T16:12:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2013-09-25T16:16:52+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:45:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux OpenStack Platform 3.0",
                "product": {
                  "name": "Red Hat Enterprise Linux OpenStack Platform 3.0",
                  "product_id": "6Server-Grizzly",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:3::el6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
                "product": {
                  "name": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_id": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2013.1.3-2.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python-keystone-0:2013.1.3-2.el6ost.noarch",
                "product": {
                  "name": "python-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_id": "python-keystone-0:2013.1.3-2.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python-keystone@2013.1.3-2.el6ost?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
                "product": {
                  "name": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
                  "product_id": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone-doc@2013.1.3-2.el6ost?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-keystone-0:2013.1.3-2.el6ost.src",
                "product": {
                  "name": "openstack-keystone-0:2013.1.3-2.el6ost.src",
                  "product_id": "openstack-keystone-0:2013.1.3-2.el6ost.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-keystone@2013.1.3-2.el6ost?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2013.1.3-2.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch"
        },
        "product_reference": "openstack-keystone-0:2013.1.3-2.el6ost.noarch",
        "relates_to_product_reference": "6Server-Grizzly"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-0:2013.1.3-2.el6ost.src as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src"
        },
        "product_reference": "openstack-keystone-0:2013.1.3-2.el6ost.src",
        "relates_to_product_reference": "6Server-Grizzly"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch"
        },
        "product_reference": "openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
        "relates_to_product_reference": "6Server-Grizzly"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-keystone-0:2013.1.3-2.el6ost.noarch as a component of Red Hat Enterprise Linux OpenStack Platform 3.0",
          "product_id": "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
        },
        "product_reference": "python-keystone-0:2013.1.3-2.el6ost.noarch",
        "relates_to_product_reference": "6Server-Grizzly"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Thierry Carrez"
          ],
          "organization": "OpenStack upstream"
        },
        {
          "names": [
            "Kieran Spear"
          ],
          "organization": "University of Melbourne",
          "summary": "Acknowledged by upstream."
        }
      ],
      "cve": "CVE-2013-4294",
      "cwe": {
        "id": "CWE-613",
        "name": "Insufficient Session Expiration"
      },
      "discovery_date": "2013-09-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1004452"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch",
          "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src",
          "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
          "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2013-4294"
        },
        {
          "category": "external",
          "summary": "RHBZ#1004452",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2013-4294",
          "url": "https://www.cve.org/CVERecord?id=CVE-2013-4294"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294"
        }
      ],
      "release_date": "2013-09-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2013-09-25T16:12:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src",
            "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2013:1285"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:openstack-keystone-0:2013.1.3-2.el6ost.src",
            "6Server-Grizzly:openstack-keystone-doc-0:2013.1.3-2.el6ost.noarch",
            "6Server-Grizzly:python-keystone-0:2013.1.3-2.el6ost.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends"
    }
  ]
}

PYSEC-2013-42

Vulnerability from pysec - Published: 2013-09-23 20:55 - Updated: 2024-11-25 18:35

Details

Impacted products

Name	purl
keystone	pkg:pypi/keystone

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone",
        "purl": "pkg:pypi/keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2012.2.0"
            },
            {
              "fixed": "2013.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4294",
    "GHSA-5qpp-v56f-mqfm"
  ],
  "details": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.",
  "id": "PYSEC-2013-42",
  "modified": "2024-11-25T18:35:18.357593Z",
  "published": "2013-09-23T20:55:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/97237"
    },
    {
      "type": "FIX",
      "url": "http://seclists.org/oss-sec/2013/q3/586"
    },
    {
      "type": "ADVISORY",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/54706"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.ubuntu.com/usn/USN-2002-1"
    }
  ]
}

GHSA-5QPP-V56F-MQFM

Vulnerability from github – Published: 2022-05-17 04:58 – Updated: 2024-11-26 18:39

Summary

OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "keystone"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2012.2.0"
            },
            {
              "fixed": "2013.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2013-4294"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T20:00:43Z",
    "nvd_published_at": "2013-09-23T20:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.",
  "id": "GHSA-5qpp-v56f-mqfm",
  "modified": "2024-11-26T18:39:00Z",
  "published": "2022-05-17T04:58:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4294"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2013:1285"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2013-4294"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1004452"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://opendev.org/openstack/keystone"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/oss-sec/2013/q3/586"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2002-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenStack Identity (Keystone) allows remote attackers to bypass intended access restrictions via revoked PKI token"
}

FKIE_CVE-2013-4294

Vulnerability from fkie_nvd - Published: 2013-09-23 20:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://osvdb.org/97237
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-1285.html
secalert@redhat.com	http://seclists.org/oss-sec/2013/q3/586	Patch
secalert@redhat.com	http://secunia.com/advisories/54706
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2002-1
secalert@redhat.com	https://bugs.launchpad.net/keystone/+bug/1202952	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/97237
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-1285.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/oss-sec/2013/q3/586	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/54706
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2002-1
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/keystone/+bug/1202952	Vendor Advisory

Impacted products

Vendor	Product	Version
openstack	keystone	2012.2
openstack	keystone	2012.2.1
openstack	keystone	2012.2.2
openstack	keystone	2012.2.3
openstack	keystone	2012.2.4
openstack	keystone	2013.1
openstack	keystone	2013.1.1
openstack	keystone	2013.1.2
openstack	keystone	2013.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "22E8C9F6-6DEE-4DD1-9B3E-5879E51464B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C26C7AF-F31B-48B4-8FA0-FBA24E86D641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "792412B1-891F-404E-BC7F-1FA1DF4A623B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4481B437-5602-4EC9-BAD2-7EF065448E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2012.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5845BE-3B3F-4015-872A-C4D2771736F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70697FA3-5C64-4632-B0F5-7DF12B4B7067",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F72F13BC-BE73-4DCD-8C7F-7D803CB047FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF04D50-069F-493B-8667-C55EA6413AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0911BBF3-6111-4ED8-B269-EB4383C5DC05",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token."
    },
    {
      "lang": "es",
      "value": "El (1) mamcache y (2) KVS token backends en OpenStack Identity (Keystone) Folsom 2012.2.x y Grizzly anterior a la versi\u00f3n 2013.1.4 no compara correctamente la lista de revocaci\u00f3n del token PKI con tokens PKI, lo que permite a atacantes remotos evitar restricciones de acceso a trav\u00e9s de un token PKI revocado."
    }
  ],
  "id": "CVE-2013-4294",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-23T20:55:07.323",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/97237"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/586"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/54706"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2002-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/97237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-1285.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://seclists.org/oss-sec/2013/q3/586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/54706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2002-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://bugs.launchpad.net/keystone/+bug/1202952"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4294 (GCVE-0-2013-4294)

GSD-2013-4294

RHSA-2013_1285

RHSA-2013:1285

PYSEC-2013-42

GHSA-5QPP-V56F-MQFM

FKIE_CVE-2013-4294

Tags

Sightings

Nomenclature