CVE-2014-5251
Severity: medium
CVSS v3: —
CVSS v2: 4.9
VIR risk: 4.9
Description
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-5251
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 2014.1.2.1-1 |
| debian | bullseye | fixed | 2014.1.2.1-1 |
| debian | forky | fixed | 2014.1.2.1-1 |
| debian | sid | fixed | 2014.1.2.1-1 |
| debian | trixie | fixed | 2014.1.2.1-1 |
| ubuntu | 14.04 | affected | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| PyPI | keystone | <8.0.0a0 | 8.0.0a0 |
References
- http://rhn.redhat.com/errata/RHSA-2014-1121.html
- http://rhn.redhat.com/errata/RHSA-2014-1122.html
- http://www.openwall.com/lists/oss-security/2014/08/15/6
- http://www.ubuntu.com/usn/USN-2324-1
- https://bugs.launchpad.net/keystone/+bug/1347961
- https://nvd.nist.gov/vuln/detail/CVE-2014-5251
- https://github.com/openstack/keystone/commit/6cbf835542d62e6e5db4b4aef7141b1731cad9dc
- https://github.com/openstack/keystone/commit/7aee6304f653475a4130dc3e5be602e91481f108
- https://github.com/openstack/keystone
- https://github.com/pypa/advisory-database/tree/main/vulns/keystone/PYSEC-2014-107.yaml
- https://security-tracker.debian.org/tracker/CVE-2014-5251
CWEs
CWE-255