CVSS2 | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:S/C:P/I:P/A:N |

EPSS | Value |
---|---|
Percentile | 56.3% |

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before
Juno-3 does not properly revoke tokens when a domain is invalidated, which
allows remote authenticated users to retain access via a domain-scoped
token for that domain.
Author | Note |
---|---|
jdstrand | Per upstream, revocation events added in Icehouse (Ubuntu 14.04 LTS) |
git.openstack.org/cgit/openstack/keystone/commit/?id=317f9d34b4da20c21edd5b851889298b67c843e1
launchpad.net/bugs/1349597
launchpad.net/bugs/cve/CVE-2014-5253
nvd.nist.gov/vuln/detail/CVE-2014-5253
security-tracker.debian.org/tracker/CVE-2014-5253
ubuntu.com/security/notices/USN-2324-1
www.cve.org/CVERecord?id=CVE-2014-5253