CVE-2013-2104 — Use of a Key Past its Expiration Date in Python-keystoneclient
Severity
5.5 MEDIUM (NVD)
EPSS
0.8%
top 26.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 21
Latest update: May 17
Description
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
CVSS vector
AV:N/AC:L/C:N/I:P/A:P
Exploitability: 8.0 | Impact: 4.9
Affected Packages: 1 package
Vulnerability Details (4)
Vendor Advisories (4)
Debian
CVE-2013-2104: keystone - python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does... (2013)
Community (5)
Bugzilla: CVE-2013-2104 OpenStack Keystoneclient: Missing expiration check in Keystone PKI token validation [fedora-19] (2013-06-04)
Bugzilla: CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation [epel-6] (2013-06-04)
Bugzilla: CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation [epel-6] (2013-05-29)
Bugzilla: CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation [fedora-18] (2013-05-29)
Bugzilla: CVE-2013-2104 OpenStack Keystone: Missing expiration check in Keystone PKI token validation (2013-05-21)