The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2013-09-23T20:00:00
Updated: 2024-08-06T16:38:01.910Z
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4294
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-09-23T20:55:07.323
Modified: 2024-11-21T01:55:17.800
Link: CVE-2013-4294
Redhat