// For flags

CVE-2013-4294

OpenStack: Keystone Token revocation failure using Keystone memcache/KVS backends

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

El (1) mamcache y (2) KVS token backends en OpenStack Identity (Keystone) Folsom 2012.2.x y Grizzly anterior a la versión 2013.1.4 no compara correctamente la lista de revocación del token PKI con tokens PKI, lo que permite a atacantes remotos evitar restricciones de acceso a través de un token PKI revocado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-06-12 CVE Reserved
  • 2013-09-23 CVE Published
  • 2023-08-06 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
  • CWE-613: Insufficient Session Expiration
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2012.2
Search vendor "Openstack" for product "Keystone" and version "2012.2"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2012.2.1
Search vendor "Openstack" for product "Keystone" and version "2012.2.1"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2012.2.2
Search vendor "Openstack" for product "Keystone" and version "2012.2.2"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2012.2.3
Search vendor "Openstack" for product "Keystone" and version "2012.2.3"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2012.2.4
Search vendor "Openstack" for product "Keystone" and version "2012.2.4"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2013.1
Search vendor "Openstack" for product "Keystone" and version "2013.1"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2013.1.1
Search vendor "Openstack" for product "Keystone" and version "2013.1.1"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2013.1.2
Search vendor "Openstack" for product "Keystone" and version "2013.1.2"
-
Affected
Openstack
Search vendor "Openstack"
 Keystone
Search vendor "Openstack" for product "Keystone"
 2013.1.3
Search vendor "Openstack" for product "Keystone" and version "2013.1.3"
-
Affected