CVE 2013-1865
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
Related bugs and status
CVE-2013-1865 (Candidate) is related to these bugs:
Bug #1116671: Meta bug for tracking Openstack 2012.2.3 Stable Update
Bug #1129713: [OSSA 2013-009] Validation of PKI tokens bypasses revocation check
Bug | Summary | In | Importance | Status
---|---|---|---|---
1129713 | [OSSA 2013-009] Validation of PKI tokens bypasses revocation check | OpenStack Identity (keystone) | Medium | Invalid
1129713 | [OSSA 2013-009] Validation of PKI tokens bypasses revocation check | OpenStack Identity (keystone) folsom | Medium | Fix Released
1129713 | [OSSA 2013-009] Validation of PKI tokens bypasses revocation check | OpenStack Security Advisory | Undecided | Fix Released
Bug #1179707: Meta bug for tracking OpenStack 2012.2.4 Stable Update
See the CVE page on Mitre.org for more details.