Vulnerability CVE-2013-2104

Vulnerability Name:

CVE-2013-2104 (CCN-84579)

Assigned:

2013-05-28

Published:

2013-05-28

Updated:

2023-02-13

Summary:

OpenStack Keystone could allow a remote attacker to bypass security restrictions, caused by an error within the Keystone authentication middleware when checking the expiration of PKI tokens. An attacker could exploit this vulnerability to bypass restrictions and treat an expired token as valid.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
4.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Consequences:

Bypass Security

References:

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20132104	V	CVE-2013-2104	2015-11-16
oval:org.mitre.oval:def:16572	P	USN-1851-1 -- libdmx vulnerability	2014-06-30
oval:org.mitre.oval:def:17063	P	USN-1875-1 -- OpenStack Keystone vulnerabilities	2014-06-30
oval:com.ubuntu.precise:def:20132104000	V	CVE-2013-2104 on Ubuntu 12.04 LTS (precise) - medium.	2014-01-21

BACK