VYPR
Moderate severityNVD Advisory· Published Sep 23, 2013· Updated Jun 16, 2026

CVE-2013-4294

CVE-2013-4294

Description

The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
keystonePyPI
>= 2012.2.0, < 2013.1.42013.1.4

Affected products

10
  • cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:openstack:keystone:2012.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2012.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2012.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2012.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2012.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2013.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2013.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2013.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2013.1.3:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 2012.2.0, < 2013.1.4

Patches

Vulnerability mechanics

References

13

News mentions

0

No linked articles in our index yet.