CVE-2013-4294

NameCVE-2013-4294
DescriptionThe (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs722505

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
keystone (PTS)jessie2014.1.3-6fixed
stretch (security), stretch (lts), stretch2:10.0.0-9+deb9u1fixed
buster (security), buster, buster (lts)2:14.2.0-0+deb10u2fixed
bullseye2:18.0.0-3+deb11u1fixed
bookworm2:22.0.0-2fixed
sid, trixie2:26.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
keystonesourcewheezy(not affected)
keystonesource(unstable)2013.1.3-2722505

Notes

[wheezy] - keystone <not-affected> (only affects Folsom release and above)

Search for package or bug name: Reporting problems