CVE-2013-4222

CWE-522 — Insufficiently Protected Credentials CWE-613 — Insufficient Session Expiration10 documents8 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Keystone Canonical Ubuntu Linux Fedoraproject Fedora +1 more

Timeline

PublishedSep 30

Latest updateMay 13

Description

OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶NVDopenstack/keystone2013.1 — 2013.1.3

▶Debiankeystone< 2013.1.3-1+3

▶NVDredhat/openstack3.0

Also affects: Fedora 20, Ubuntu Linux 12.10, 13.04

🔴Vulnerability Details

GHSA

GHSA-g99j-vfcp-3vmf: OpenStack Identity (Keystone) Folsom, Grizzly 2013↗2022-05-13

▶

CVEList

CVE-2013-4222: OpenStack Identity (Keystone) Folsom, Grizzly 2013↗2013-09-30

▶

OSV

CVE-2013-4222: OpenStack Identity (Keystone) Folsom, Grizzly 2013↗2013-09-30

▶

📋Vendor Advisories

Ubuntu

Keystone vulnerabilities↗2013-10-23

▶

Red Hat

OpenStack: Keystone disabling a tenant does not disable a user token↗2013-08-07

▶

Debian

CVE-2013-4222: keystone - OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana b...↗2013

▶

💬Community

Bugzilla

CVE-2013-4222 openstack-keystone: OpenStack: Keystone disabling a tenant does not disable a user token [epel-6]↗2013-08-09

▶

Bugzilla

CVE-2013-4222 OpenStack: Keystone disabling a tenant does not disable a user token↗2013-08-09

▶

Bugzilla

CVE-2013-4222 openstack-keystone: OpenStack: Keystone disabling a tenant does not disable a user token [fedora-all]↗2013-08-09

▶