Novell Home

CVE-2013-2104

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-2104 at MITRE

Description

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

NVD CVSS v2 Base Score: 5.5 (AV:N/AC:L/Au:S/C:N/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 821201

SUSE Security Advisories:

© 2014 Novell