Описание
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| lucid | DNE | |
| precise | not-affected | code-not-present |
| quantal | released | 2012.2.4-0ubuntu3.1 |
| raring | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1:0.2.4-0ubuntu1 |
| lucid | DNE | |
| precise | not-affected | |
| quantal | not-affected | |
| raring | released | 1:0.2.3-0ubuntu2.2 |
| upstream | released | 1:0.2.4-0ubuntu1 |
Показывать по
5.5 Medium
CVSS2
Связанные уязвимости
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Fol ...
python-keystoneclient missing expiration check in PKI token validation
5.5 Medium
CVSS2