CVE-2014-5251

2014-08-2514:55:07

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS

0.002

Percentile

56.3%

JSON

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

OSVersionArchitecturePackageVersionFilename
Debian12allkeystone< 2014.1.2.1-1keystone_2014.1.2.1-1_all.deb
Debian11allkeystone< 2014.1.2.1-1keystone_2014.1.2.1-1_all.deb
Debian999allkeystone< 2014.1.2.1-1keystone_2014.1.2.1-1_all.deb
Debian13allkeystone< 2014.1.2.1-1keystone_2014.1.2.1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	keystone	< 2014.1.2.1-1	keystone_2014.1.2.1-1_all.deb
Debian	11	all	keystone	< 2014.1.2.1-1	keystone_2014.1.2.1-1_all.deb
Debian	999	all	keystone	< 2014.1.2.1-1	keystone_2014.1.2.1-1_all.deb
Debian	13	all	keystone	< 2014.1.2.1-1	keystone_2014.1.2.1-1_all.deb