CVE-2013-2059

Severity: 6.0 MEDIUM
EPSS: 0.9% (top 24.23%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 21
Latest update: May 17

Description

OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1.1, and Havana does not immediately revoke the authentication token when deleting a user through the Keystone v2 API, which allows remote authenticated users to retain access via the token.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages (3 packages)

NVD: openstack/keystone 2012.1, 2013.1 +1
PyPI: keystone < 8.0.0a0
Debian: keystone < 2013.1.1-2 +3

Vulnerability Details (4)

GHSA: OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user (2022-05-17)
OSV: OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user (2022-05-17)
OSV: CVE-2013-2059: OpenStack Identity (Keystone) Folsom 2012 (2013-05-21)
CVEList: CVE-2013-2059: OpenStack Identity (Keystone) Folsom 2012 (2013-05-21)

Vendor Advisories (2)

Ubuntu: OpenStack Keystone vulnerability (2013-05-16)
Debian: CVE-2013-2059: keystone - OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly before 2013.1... (2013)

Community (3)

Bugzilla: CVE-2013-2059 OpenStack Keystone: tokens not immediately invalidated when user is deleted [fedora-all] (2013-05-10)
Bugzilla: CVE-2013-2059 OpenStack Keystone: tokens not immediately invalidated when user is deleted [epel-6] (2013-05-10)
Bugzilla: CVE-2013-2059 OpenStack Keystone: tokens not immediately invalidated when user is deleted (2013-05-06)