| Vulnerability Name: | CVE-2013-4294 (CCN-87025) | ||||||||||||
| Assigned: | 2013-07-19 | ||||||||||||
| Published: | 2013-07-19 | ||||||||||||
| Updated: | 2023-02-13 | ||||||||||||
| Summary: | OpenStack Keystone could allow a remote attacker to bypass security restrictions, caused by an error within the revocation check for PKI tokens. An attacker could exploit this vulnerability memcache token backend to bypass the revocation check and affirm revoked tokens as valid. | ||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-4294 Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: oss-sec mailing list, Wed, 11 Sep 2013 17:44:25 +0200 Token revocation failure using Keystone memcache/KVS backends (CVE-2013-4294) Source: secalert@redhat.com Type: Patch secalert@redhat.com Source: CCN Type: SA54706 OpenStack KeyStone PKI Tokens Revocation Check Security Bypass Security Issue Source: CCN Type: OSVDB ID: 97237 OpenStack Keystone PKI Token Revocation Failure Access Persistence Source: CCN Type: BID-62331 OpenStack Keystone Token Revocation Failure Security Bypass Vulnerability Source: secalert@redhat.com Type: UNKNOWN secalert@redhat.com Source: CCN Type: OSSA 2013-025 PKI tokens are never revoked using memcache token backend (CVE-2013-4294) Source: secalert@redhat.com Type: Vendor Advisory secalert@redhat.com Source: XF Type: UNKNOWN keystone-cve20134294-sec-bypass(87025) | ||||||||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||