CVE-2014-5251
OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
CVSS 3.1: 6.5 (MEDIUM)
EPSS: 0.31%
Description
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
How to fix CVE-2014-5251
To remediate CVE-2014-5251, upgrade the affected package to a fixed version below.
- upgrade to 2014.1.2.1-1 or later
- upgrade to 8.0.0a0 or later
- upgrade to 8.0.0a0 or later
Is CVE-2014-5251 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2014.1.2.1-1
- from 0, < 8.0.0a0
- from 0, < 8.0.0a0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |