CVE-2014-5251

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

Published Bycve@mitre.org

Published DateAug 25, 2014, 14:55

Affected Versions(1)

keystone(PyPI)

Introduced0

Fixed8.0.0a0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
keystone(PyPI)	0	8.0.0a0	N/A

Weakness Type (CWE):CWE-255

CVSS Metrics

Base Score

4.9

Vector String

AV:N/AC:M/Au:S/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):CWE-255

CVSS Metrics

Base Score

4.9

Vector String

AV:N/AC:M/Au:S/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE