← Zuruck zu CVEs
CVE-2014-5251
N/ABeschreibung
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
CVE Details
CVSS v3.1 BewertungN/A
Veroffentlicht8/25/2014
Zuletzt geandert4/12/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
canonical:ubuntu_linuxopenstack:keystone
Schwachen (CWE)
CWE-255
Referenzen
http://rhn.redhat.com/errata/RHSA-2014-1121.html(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2014-1122.html(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2014/08/15/6(cve@mitre.org)
http://www.ubuntu.com/usn/USN-2324-1(cve@mitre.org)
https://bugs.launchpad.net/keystone/+bug/1347961(cve@mitre.org)
http://rhn.redhat.com/errata/RHSA-2014-1121.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2014-1122.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/08/15/6(af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2324-1(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.launchpad.net/keystone/+bug/1347961(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.