CVE-2013-1865 — Improper Authentication in Keystone

CWE-287 — Improper Authentication CWE-285 — Improper Authorization11 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

1.2%

top 21.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Keystone Canonical Ubuntu Linux Openstack Folsom

Timeline

PublishedMar 22

Latest updateMay 17

Description

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶PyPIopenstack/keystone2012.2 — 2012.2.4

▶NVDopenstack/folsom2012.2

Also affects: Ubuntu Linux 12.10

🔴Vulnerability Details

GHSA

OpenStack Keystone Improper Authentication vulnerability↗2022-05-17

▶

OSV

OpenStack Keystone Improper Authentication vulnerability↗2022-05-17

▶

OSV

CVE-2013-1865: OpenStack Keystone Folsom (2012↗2013-03-22

▶

CVEList

CVE-2013-1865: OpenStack Keystone Folsom (2012↗2013-03-22

▶

📋Vendor Advisories

Ubuntu

OpenStack Keystone vulnerability↗2013-03-20

▶

Red Hat

keystone: online validation of Keystone PKI tokens bypasses revocation check↗2013-03-20

▶

Debian

CVE-2013-1865: keystone - OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks f...↗2013

▶

💬Community

Bugzilla

CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI tokens bypasses revocation check [epel-6]↗2013-03-27

▶

Bugzilla

CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI tokens bypasses revocation check [fedora-18]↗2013-03-20

▶

Bugzilla

CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI tokens bypasses revocation check↗2013-03-15

▶