CVE-2013-2104

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-2104 at MITRE

Description

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

NVD CVSS v2 Base Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

SUSE information

SUSE Bugzilla entry: 821201

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • openstack-keystone >= 2012.2.4+git.1363796849.255b1d4-3.16.1
  • openstack-keystone-doc >= 2012.2.4+git.1363796849.255b1d4-3.16.1
  • openstack-keystone-test >= 2012.2.4+git.1363796849.255b1d4-3.16.1
  • python-keystone >= 2012.2.4+git.1363796849.255b1d4-3.16.1
Patchnames:
openSUSE-2013-540