CVE-2013-2104

Published: Jan 21, 2014Modified: Apr 29, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

Affected (2)

Products: Openstack: Python Keystoneclient

1 product

Python Keystoneclient

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Openstack Python Keystoneclient	Up to 0.2.3
Openstack Python Keystoneclient	Version 0.2.2

Related CWEs

References (12)

http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-0944.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/05/28/7

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1851-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-1875-1

Source: secalert@redhat.com

https://bugs.launchpad.net/python-keystoneclient/+bug/1179615

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2013-0944.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2013/05/28/7

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1851-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1875-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugs.launchpad.net/python-keystoneclient/+bug/1179615

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.