Lucene search
HistoryAug 25, 2014 - 2:55 p.m.
CVE-2014-5253
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.1 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.4%
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.
Affected configurations
Node
openstackkeystoneMatch2014.1
ORopenstackkeystoneMatch2014.1.2
ORopenstackkeystoneMatchjuno-1
ORopenstackkeystoneMatchjuno-2
ORcanonicalubuntu_linuxMatch14.04lts
Related
veracode
veracode
Authentication Bypass
2019-05-02 05:11:39
ubuntucve
ubuntucve
CVE-2014-5253
2014-08-15 00:00:00
cve
cve
CVE-2014-5253
2014-08-25 14:55:07
github
github
OpenStack Keystone Domain-scoped tokens don't get revoked
2022-05-17 04:31:12
prion
prion
Design/Logic Flaw
2014-08-25 14:55:00
debiancve
debiancve
CVE-2014-5253
2014-08-25 14:55:07
cvelist
cvelist
CVE-2014-5253
2014-08-25 14:00:00
redhat
redhat
(RHSA-2014:1121) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
(RHSA-2014:1122) Low: openstack-keystone security and bug fix update
2014-09-02 00:00:00
nessus
nessus
Ubuntu 14.04 LTS : OpenStack Keystone vulnerabilities (USN-2324-1)
2014-08-22 00:00:00
ubuntu
ubuntu
OpenStack Keystone vulnerabilities
2014-08-21 00:00:00
securityvulns
securityvulns
[USN-2324-1] OpenStack Keystone vulnerabilities
2014-08-24 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2324-1)
2014-08-22 00:00:00
4.9 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
6.1 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
56.4%
Related for NVD:CVE-2014-5253