CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5252

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 48.0%

CVSS Severity

CVSS v2 Score 4.9

References

http://rhn.redhat.com/errata/RHSA-2014-1121.html
http://rhn.redhat.com/errata/RHSA-2014-1122.html
http://www.openwall.com/lists/oss-security/2014/08/15/6
http://www.ubuntu.com/usn/USN-2324-1
https://bugs.launchpad.net/keystone/+bug/1348820
http://rhn.redhat.com/errata/RHSA-2014-1121.html
http://rhn.redhat.com/errata/RHSA-2014-1122.html
http://www.openwall.com/lists/oss-security/2014/08/15/6
http://www.ubuntu.com/usn/USN-2324-1
https://bugs.launchpad.net/keystone/+bug/1348820

Products affected by CVE-2014-5252

Openstack » Keystone » Version: 2014.1

cpe:2.3:a:openstack:keystone:2014.1
Openstack » Keystone » Version: 2014.1.2

cpe:2.3:a:openstack:keystone:2014.1.2
Openstack » Keystone » Version: juno-1

cpe:2.3:a:openstack:keystone:juno-1
Openstack » Keystone » Version: juno-2

cpe:2.3:a:openstack:keystone:juno-2
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5252

Products

Pricing

Contact Us