Moderate severityNVD Advisory· Published Nov 1, 2019· Updated Aug 6, 2024
CVE-2013-2255
CVE-2013-2255
Description
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
python-keystoneclientPyPI | < 0.4.0 | 0.4.0 |
cinderPyPI | < 7.0.0a0 | 7.0.0a0 |
neutronPyPI | < 7.0.0a0 | 7.0.0a0 |
keystonePyPI | < 8.0.0a0 | 8.0.0a0 |
Affected products
6- ghsa-coords4 versions
< 7.0.0a0+ 3 more
- (no CPE)range: < 7.0.0a0
- (no CPE)range: < 8.0.0a0
- (no CPE)range: < 7.0.0a0
- (no CPE)range: < 0.4.0
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-qh2x-hpf9-cf2gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-2255ghsaADVISORY
- access.redhat.com/security/cve/cve-2013-2255ghsax_refsource_MISCWEB
- bugs.launchpad.net/ossn/+bug/1188189ghsax_refsource_MISCWEB
- bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
- bugzilla.suse.com/show_bug.cgighsax_refsource_MISCWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/85562ghsax_refsource_MISCWEB
- github.com/openstack/cinder/commit/0f9652d92e175a1f7dc3c2a37ab444b8f189375aghsaWEB
- github.com/openstack/keystone/commit/5bd4c2984d329625a2a8442b316fa235dbb88a3dghsaWEB
- github.com/openstack/neutron/commit/7255e056092f034daaeb4246a812900645d46911ghsaWEB
- github.com/openstack/python-keystoneclient/commit/20e166fd8a943ee3f91ba362a47e9c14c7cc5f4cghsaWEB
- security-tracker.debian.org/tracker/CVE-2013-2255ghsax_refsource_MISCWEB
- web.archive.org/web/20200229073508/https://www.securityfocus.com/bid/61118ghsaWEB
- www.securityfocus.com/bid/61118mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.