CVSS2
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:S/C:P/I:P/A:N
EPSS Percentile: 56.3%
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before
2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect
precision, which causes the expiration comparison for tokens to fail and
allows remote authenticated users to retain access via an expired token.
Author | Note |
---|---|
jdstrand | per upstream, revocation events first added in Icehouse (Ubuntu 14.04 LTS) |
git.openstack.org/cgit/openstack/keystone/commit/?id=6cbf835542d62e6e5db4b4aef7141b1731cad9dc
launchpad.net/bugs/1347961
launchpad.net/bugs/cve/CVE-2014-5251
nvd.nist.gov/vuln/detail/CVE-2014-5251
security-tracker.debian.org/tracker/CVE-2014-5251
ubuntu.com/security/notices/USN-2324-1
www.cve.org/CVERecord?id=CVE-2014-5251