CVE-2014-5251

Priority
Medium
Description
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before
2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect
precision, which causes the expiration comparison for tokens to fail and
allows remote authenticated users to retain access via an expired token.
References
Bugs
Notes
jdstrand> per upstream, revocation events first added in Icehouse (Ubuntu
14.04 LTS)
Assigned-to
jdstrand
Package
Upstream: released (2014.1.2.1-1)
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): not-affected
Ubuntu 14.04 LTS (Trusty Tahr): released (1:2014.1.2.1-0ubuntu1.1)
Ubuntu 14.10 (Utopic Unicorn): not-affected (1:2014.2~b3-0ubuntu1)
Patches:
Upstream: https://review.openstack.org/111106 (juno)
Upstream: https://review.openstack.org/112087 (icehouse)
More Information


Updated: 2014-09-15 16:14:33 UTC (commit 8484)