|Bugzilla:||922230: CVE-2013-1865 OpenStack keystone: online validation of Keystone PKI tokens bypasses revocation check|
The MITRE CVE dictionary describes this issue as:
OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|OpenStack Folsom (openstack-keystone)||RHSA-2013:0708||April 04, 2013|
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Guang Yee (HP) as the original reporter.
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.