CVE-2013-1865

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-1865 at MITRE

Description

OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 6.82
  • Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 809590 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s): openSUSE 12.3
Fixed package version(s):
  • openstack-keystone >= 2012.2.4+git.1363796849.255b1d4-3.8.1
  • openstack-keystone-doc >= 2012.2.4+git.1363796849.255b1d4-3.8.1
  • openstack-keystone-test >= 2012.2.4+git.1363796849.255b1d4-3.8.1
  • python-keystone >= 2012.2.4+git.1363796849.255b1d4-3.8.1
References:
  • Patchnames: openSUSE-2013-266