Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-2104

Опубликовано: 28 мая 2013
Источник: redhat
CVSS2: 2.6

Описание

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 2.1openstack-keystoneAffected
OpenStack 3 for RHEL 6python-keystoneclientFixedRHSA-2013:094412.06.2013

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-613
https://bugzilla.redhat.com/show_bug.cgi?id=965852Keystone: Missing expiration check in Keystone PKI token validation

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-2104

ubuntu
около 12 лет назад

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

nvd логотип

CVE-2013-2104

nvd
около 12 лет назад

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

debian логотип

CVE-2013-2104

debian
около 12 лет назад

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Fol ...

github логотип

GHSA-4rrr-j7ff-r844

CVSS3: 7.5
github
больше 3 лет назад

python-keystoneclient missing expiration check in PKI token validation

2.6 Low

CVSS2