CVE-2013-1865: OpenStack Keystone Improper Authentication vulnerability
(updated )
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
References
- access.redhat.com/errata/RHSA-2013:0708
- access.redhat.com/security/cve/CVE-2013-1865
- bugs.launchpad.net/keystone/+bug/1129713
- bugzilla.redhat.com/show_bug.cgi?id=922230
- github.com/advisories/GHSA-22q6-wwq7-2jj9
- github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2013-39.yaml
- nvd.nist.gov/vuln/detail/CVE-2013-1865
- opendev.org/openstack/keystone
- review.openstack.org/
- review.openstack.org/24906
- web.archive.org/web/20170715155558/http://www.securityfocus.com/bid/58616
Code Behaviors & Features
Detect and mitigate CVE-2013-1865 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →