CVE Vulnerabilities

CVE-2013-2104

Published: Jan 21, 2014 | Modified: Feb 13, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.5 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

Affected Software

Name Vendor Start Version End Version
Python-keystoneclient Openstack 0.2.2 0.2.2
Python-keystoneclient Openstack * 0.2.3

References