Moderate severityNVD Advisory· Published Apr 12, 2013· Updated Jun 16, 2026
CVE-2013-0282
CVE-2013-0282
Description
OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
KeystonePyPI | < 8.0.0a0 | 8.0.0a0 |
Affected products
5cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:openstack:keystone:*:*:*:*:*:*:*:*range: >=2012.1,<=2012.1.3
- cpe:2.3:a:openstack:keystone:2013.1:milestone1:*:*:*:*:*:*
- cpe:2.3:a:openstack:keystone:2013.1:milestone2:*:*:*:*:*:*
- cpe:2.3:a:openstack:keystone:2013.1:milestone3:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
15- www.openwall.com/lists/oss-security/2013/02/19/3nvdThird Party AdvisoryWEB
- bugs.launchpad.net/keystone/+bug/1121494nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-8833-qrvm-wc3hghsaADVISORY
- launchpad.net/keystone/+milestone/2012.2.4nvdThird Party AdvisoryWEB
- launchpad.net/keystone/grizzly/2013.1nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2013-0282ghsaADVISORY
- review.openstack.orgnvdVendor Advisory
- review.openstack.orgnvdVendor Advisory
- review.openstack.orgnvdVendor Advisory
- github.com/openstack/keystone/commit/7402f5ef994599653bdbb3ed5ff1a2b8c3e72b9fghsaWEB
- github.com/openstack/keystone/commit/9572bfc393f66f5ce3b44c0a77a9e29cc0374c6fghsaWEB
- github.com/openstack/keystone/commit/f0b4d300db5cc61d4f079f8bce9da8e8bea1081aghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
- review.openstack.orgghsaWEB
News mentions
0No linked articles in our index yet.