CVE-2014-5251

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2014-5251

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-5251.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2014-5251

Aliases

Related

Published

2014-08-25T14:55:07Z

Modified

2024-11-25T22:42:38.899011Z

Summary

[none]

Details

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

References

Affected packages

Debian:11 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.1.2.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.1.2.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / keystone

Package

Name: keystone
Purl: pkg:deb/debian/keystone?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2014.1.2.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}