CVE-2013-2255
published 2019-11-01CVE-2013-2255: HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | keystone | < keystone 2014.1-1 (bookworm) | keystone 2014.1-1 (bookworm) |
| debian | swift | < keystone 2014.1-1 (bookworm) | keystone 2014.1-1 (bookworm) |
| openstack | cinder | >= 0 < 7.0.0a0 | 7.0.0a0 |
| openstack | compute | — | — |
| openstack | keystone | — | — |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 2014.1-1 | 2014.1-1 |
| openstack | keystone | >= 0 < 8.0.0a0 | 8.0.0a0 |
| openstack | neutron | >= 0 < 7.0.0a0 | 7.0.0a0 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.9MEDIUM