CVE-2013-4294
medium
CVSS v3
—
CVSS v2
5.0
VIR risk
5.0
Description
The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2013-4294
Vendor advisory: secalert@redhat.com — https://bugs.launchpad.net/keystone/+bug/1202952
Vendor advisory: secalert@redhat.com — http://seclists.org/oss-sec/2013/q3/586
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2013.1.3-2 |
| debian | bullseye | fixed | 2013.1.3-2 |
| debian | forky | fixed | 2013.1.3-2 |
| debian | sid | fixed | 2013.1.3-2 |
| debian | trixie | fixed | 2013.1.3-2 |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | keystone | >=2012.2.0,<2013.1.4 | 2013.1.4 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2013-4294
- https://access.redhat.com/errata/RHSA-2013:1285
- https://access.redhat.com/security/cve/CVE-2013-4294
- https://bugs.launchpad.net/keystone/+bug/1202952
- https://bugzilla.redhat.com/show_bug.cgi?id=1004452
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-42.yaml
- https://opendev.org/openstack/keystone
- http://rhn.redhat.com/errata/RHSA-2013-1285.html
- http://seclists.org/oss-sec/2013/q3/586
- http://www.ubuntu.com/usn/USN-2002-1
- http://osvdb.org/97237
- http://secunia.com/advisories/54706
- https://security-tracker.debian.org/tracker/CVE-2013-4294
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.