Vulnerability Name:

CVE-2014-5252 (CCN-95071)

Assigned:2014-07-31
Published:2014-07-31
Updated:2014-10-10
Summary:The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.9 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N)
3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-255
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2014-5252

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1121

Source: REDHAT
Type: UNKNOWN
RHSA-2014:1122

Source: CCN
Type: oss-security Mailing List, Tue, 05 Aug 2014 11:05:09 -0400
CVE request for vulnerability in OpenStack Keystone

Source: CCN
Type: IBM Security Bulletin 1021826
Multiple XSS vulnerabilities in IBM Cloud Manager with OpenStack Keystone (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)

Source: MLIST
Type: UNKNOWN
[oss-security] 20140815 [OSSA 2014-026] Multiple vulnerabilities in Keystone revocation events (CVE-2014-5251, CVE-2014-5252, CVE-2014-5253)

Source: CCN
Type: OSVDB ID: 109751
OpenStack Keystone /v3/auth/token V2 Token issued_at Time Handling Bypass

Source: CCN
Type: BID-68978
OpenStack Keystone Token Revocation Failure Security Bypass Vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-2324-1

Source: MISC
Type: UNKNOWN
https://bugs.launchpad.net/keystone/+bug/1348820

Source: CCN
Type: Launchpad Bug #1348820
Token issued_at time changes on /v3/auth/token GET requests

Source: XF
Type: UNKNOWN
keystone-getapi-sec-bypass(95071)

Source: CCN
Type: OpenStack GIT Repository
Add tests related to V2 token issued_at time changing

Source: CCN
Type: OpenStack Web site
Fix revocation event handling with MySQL

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:keystone:2014.1:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:juno-1:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:keystone:juno-2:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

  • Configuration CCN 1:
  • cpe:/a:openstack:keystone:2014.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:55238
    P
    Security update for bind (Moderate)
    2021-08-30
    oval:org.opensuse.security:def:55921
    P
    Security update for libsolv (Moderate)
    2021-06-23
    oval:org.opensuse.security:def:56406
    P
    Security update for postgresql94 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55075
    P
    colord on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56480
    P
    Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:55476
    P
    Security update for gnome-settings-daemon (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56206
    P
    Security update for poppler (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55076
    P
    coolkey on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56518
    P
    Security update for java-1_8_0-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:55649
    P
    Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56314
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:55098
    P
    elfutils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:56599
    P
    Security update for shadow (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55755
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:20145252
    V
    CVE-2014-5252
    2020-11-28
    oval:org.mitre.oval:def:26502
    P
    USN-2324-1 -- keystone vulnerabilities
    2014-10-27
    oval:com.ubuntu.precise:def:20145252000
    V
    CVE-2014-5252 on Ubuntu 12.04 LTS (precise) - medium.
    2014-08-25
    oval:com.ubuntu.trusty:def:20145252000
    V
    CVE-2014-5252 on Ubuntu 14.04 LTS (trusty) - medium.
    2014-08-25
    BACK
    openstack keystone 2014.1
    openstack keystone 2014.1.2
    openstack keystone juno-1
    openstack keystone juno-2
    canonical ubuntu linux 14.04
    openstack keystone 2014.1