Solution
Please Install the Updated Packages.
Insight
Eoghan Glynn and Alex Meade discovered that python-keystoneclient did not properly perform expiry checks for the PKI tokens used in Keystone. If Keystone were setup to use PKI tokens (the default in Ubuntu 13.04), a previously authenticated user could continue to use a PKI token for longer than intended.
Affected
python-keystoneclient on Ubuntu 13.04
Severity
Classification
-
CVE CVE-2013-2104 -
CVSS Base Score: 5.5
AV:N/AC:L/Au:S/C:N/I:P/A:P
Related Vulnerabilities