Lucene search
HistoryAug 25, 2014 - 2:55 p.m.
CVE-2014-5253
openstack
identity
keystone
cve-2014-5253
token revocation
domain-scoped token
security vulnerability
nvd
6.1 Medium
AI Score
Confidence
Low
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.1%
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
Related
ubuntucve
ubuntucve
CVE-2014-5253
2014-08-15 00:00:00
veracode
veracode
Authentication Bypass
2019-05-02 05:11:39
prion
prion
Design/Logic Flaw
2014-08-25 14:55:00
debiancve
debiancve
CVE-2014-5253
2014-08-25 14:55:00
cvelist
cvelist
CVE-2014-5253
2014-08-25 14:00:00
github
github
OpenStack Keystone Domain-scoped tokens don't get revoked
2022-05-17 04:31:12
redhat
redhat
(RHSA-2014:1121) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
(RHSA-2014:1122) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)
2014-08-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2324-1)
2014-08-22 00:00:00
securityvulns
securityvulns
[USN-2324-1] OpenStack Keystone vulnerabilities
2014-08-24 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2014-08-21 00:00:00
6.1 Medium
AI Score
Confidence
Low
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.002 Low
EPSS
Percentile
56.1%
Related for CVE-2014-5253