CVE-2014-5251 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2014-5251 Interim 1 7 2022-10-15T17:15:20Z current 2021-05-30T13:22:28Z 2022-10-15T17:15:20Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2014-5251 The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2014-September/001018.html E-Mail link for SUSE-SU-2014:1219-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE OpenStack Cloud 4 openstack-keystone-2014.1.3.dev3.gb812131-0.7.1 openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1 python-keystone-2014.1.3.dev3.gb812131-0.7.1 openstack-keystone-2014.1.3.dev3.gb812131-0.7.1 as a component of SUSE OpenStack Cloud 4 openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1 as a component of SUSE OpenStack Cloud 4 python-keystone-2014.1.3.dev3.gb812131-0.7.1 as a component of SUSE OpenStack Cloud 4 The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token. CVE-2014-5251 SUSE OpenStack Cloud 4:openstack-keystone-2014.1.3.dev3.gb812131-0.7.1 SUSE OpenStack Cloud 4:openstack-keystone-doc-2014.1.3.dev3.gb812131-0.7.1 SUSE OpenStack Cloud 4:python-keystone-2014.1.3.dev3.gb812131-0.7.1 moderate 4.9 AV:N/AC:M/Au:S/C:P/I:P/A:N