5.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.002 Low
EPSS
Percentile
64.8%
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | keystone | < 2:22.0.0-2 | keystone_2:22.0.0-2_all.deb |
Debian | 11 | all | keystone | < 2:18.0.0-3+deb11u1 | keystone_2:18.0.0-3+deb11u1_all.deb |
Debian | 999 | all | keystone | < 2:25.0.0-2 | keystone_2:25.0.0-2_all.deb |
Debian | 13 | all | keystone | < 2:25.0.0-2 | keystone_2:25.0.0-2_all.deb |
Debian | 12 | all | python-keystoneclient | < 1:0.2.5-1 | python-keystoneclient_1:0.2.5-1_all.deb |
Debian | 11 | all | python-keystoneclient | < 1:0.2.5-1 | python-keystoneclient_1:0.2.5-1_all.deb |
Debian | 999 | all | python-keystoneclient | < 1:0.2.5-1 | python-keystoneclient_1:0.2.5-1_all.deb |
Debian | 13 | all | python-keystoneclient | < 1:0.2.5-1 | python-keystoneclient_1:0.2.5-1_all.deb |