CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5251

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.6%

CVSS Severity

CVSS v2 Score 4.9

References

http://rhn.redhat.com/errata/RHSA-2014-1121.html
http://rhn.redhat.com/errata/RHSA-2014-1122.html
http://www.openwall.com/lists/oss-security/2014/08/15/6
http://www.ubuntu.com/usn/USN-2324-1
https://bugs.launchpad.net/keystone/+bug/1347961
http://rhn.redhat.com/errata/RHSA-2014-1121.html
http://rhn.redhat.com/errata/RHSA-2014-1122.html
http://www.openwall.com/lists/oss-security/2014/08/15/6
http://www.ubuntu.com/usn/USN-2324-1
https://bugs.launchpad.net/keystone/+bug/1347961

Products affected by CVE-2014-5251

Openstack » Keystone » Version: 2014.1

cpe:2.3:a:openstack:keystone:2014.1
Openstack » Keystone » Version: 2014.1.2

cpe:2.3:a:openstack:keystone:2014.1.2
Openstack » Keystone » Version: juno-1

cpe:2.3:a:openstack:keystone:juno-1
Openstack » Keystone » Version: juno-2

cpe:2.3:a:openstack:keystone:juno-2
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5251

Products

Pricing

Contact Us