CVE-2013-2104

Priority
Description
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom),
does not properly check expiry for PKI tokens, which allows remote
authenticated users to (1) retain use of a token after it has expired, or
(2) use a revoked token once it expires.
Assigned-to
jdstrand
Notes
jdstrand: per upstream, code introduced in keystone in Folsom (Ubuntu 12.10).
For Grizzly (13.10), code moved to python-keystoneclient
PKI tokens not available on Essex (Ubuntu 12.04 LTS)
PKI tokens are not used by default in Folsom (Ubuntu 12.10)
the update for 12.10 was superseded by an SRU. While keystone in
12.10 uses UUID tokens instead of PKI tokens, an update will be provided for
12.10 soon.
Package
Upstream: released (1:0.2.4-0ubuntu1)
More Information

Updated: 2020-07-28 19:49:34 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)