The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-09-23T20:00:00

Updated: 2024-08-06T16:38:01.910Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4294

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-09-23T20:55:07.323

Modified: 2024-11-21T01:55:17.800

Link: CVE-2013-4294

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-09-11T00:00:00Z

Links: CVE-2013-4294 - Bugzilla