CVE-2014-5251 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2014-5251

CVE-2014-5251

August 25, 2014

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

Related Resources (10)

https://bugs.launchpad.net/keystone/+bug/1347961

https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml

http://www.ubuntu.com/usn/USN-2324-1

https://github.com/openstack/keystone

http://www.openwall.com/lists/oss-security/2014/08/15/6

https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc

http://rhn.redhat.com/errata/RHSA-2014-1121.html

http://rhn.redhat.com/errata/RHSA-2014-1122.html

https://nvd.nist.gov/vuln/detail/CVE-2014-5251

https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108

Do you need more information?

CVSS v4

Base Score:

2.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

LOW

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.2

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

CVSS v2

Base Score:

4.9

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Insufficient Session Expiration

CWE-613

EPSS

Base Score:

0.31

Products

Solutions

Resources

Company

Compare

Developer Tools