CVE-2013-2255

Severity
5.9 MEDIUM
EPSS
0.4%
top 38.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 1
Latest update: May 5

Description

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 | Impact: 3.6

Affected Packages: 10 packages

CVEListV5: openstack/compute 2013.1
NVD: openstack/compute 2013.1
CVEListV5: openstack/keystone 2013
NVD: redhat/openstack 3.0, 4.0 +1

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴 Vulnerability Details (4)

GHSA: OpenStack Keystone and other components vulnerable to Improper Certificate Validation (2022-05-05)
OSV: OpenStack Keystone and other components vulnerable to Improper Certificate Validation (2022-05-05)
OSV: CVE-2013-2255: HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013 (2019-11-01)
CVEList: CVE-2013-2255: HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013 (2019-11-01)

📋 Vendor Advisories (2)

Red Hat: openstack-*: Inconsistent and non-validating HTTPS client (2013-07-10)
Debian: CVE-2013-2255: keystone - HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possi... (2013)

💬 Community (5)

Bugzilla: python-keystoneclient: CVE-2013-2255 Inconsistent and non-validating HTTPS client [epel-6] (2013-07-15)
Bugzilla: python-keystoneclient: CVE-2013-2255 Inconsistent and non-validating HTTPS client [fedora-all] (2013-07-15)
Bugzilla: openstack-keystone: CVE-2013-2255 Inconsistent and non-validating HTTPS client [fedora-all] (2013-07-15)
Bugzilla: openstack-keystone: CVE-2013-2255 Inconsistent and non-validating HTTPS client [epel-6] (2013-07-15)
Bugzilla: CVE-2013-2255 openstack-*: Inconsistent and non-validating HTTPS client (2013-03-21)