oss-sec mailing list archives

Re: CVE request for vulnerability in OpenStack Keystone


From: cve-assign () mitre org
Date: Fri, 15 Aug 2014 02:24:46 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple vulnerabilities in Keystone revocation events


https://launchpad.net/bugs/1347961

When MySQL is used to store revocation events, events are returned
from the database with the timestamps truncated to the second. This
causes a revocation event for a token (which has the issued_at
timestamp to the microsecond) to not match

Use CVE-2014-5251.


https://launchpad.net/bugs/1348820

When the server converted a V2 token to a V3 token it regenerated the
issued_at time ... This was causing the server to fail to revoke a V2
token

Use CVE-2014-5252.


https://launchpad.net/bugs/1349597

A token scoped to a domain wouldn't be revoked for a domain-wide
revocation event.

Use CVE-2014-5253.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
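
The precision mismatch described for CVE-2014-5251, as an added example that is not part of the original message and is not Keystone's code. The matching rule (an event covers tokens issued at or before its timestamp), the function names and the sample timestamp are assumptions made for illustration.

```python
from datetime import datetime, timedelta


def db_roundtrip(ts: datetime) -> datetime:
    """Model a column that keeps whole seconds only (the truncation described above)."""
    return ts.replace(microsecond=0)


def matches(token_issued_at: datetime, event_ts: datetime) -> bool:
    """Assumed rule: an event revokes tokens issued at or before its timestamp."""
    return token_issued_at <= event_ts


def matches_normalized(token_issued_at: datetime, event_ts: datetime) -> bool:
    """Compare both sides at the precision the store can actually preserve."""
    return token_issued_at.replace(microsecond=0) <= event_ts.replace(microsecond=0)


def demo() -> dict:
    # Constructed sample values, not taken from any real deployment.
    issued_at = datetime(2014, 8, 15, 6, 24, 46, 123456)
    event_ts = issued_at                 # event created for this exact token
    stored = db_roundtrip(event_ts)      # what comes back from the database
    later_same_second = issued_at + timedelta(microseconds=500000)
    next_second = issued_at + timedelta(seconds=1)
    return {
        # Before storage the event matches the token it was created for.
        "in_memory": matches(issued_at, event_ts),
        # After the round trip the event is 123456 microseconds "too early".
        "after_db": matches(issued_at, stored),
        # Normalizing both sides restores the match.
        "after_db_normalized": matches_normalized(issued_at, stored),
        # Side effect: a token issued later in the same second also matches.
        "later_same_second": matches_normalized(later_same_second, stored),
        # A token issued in the following second is not affected.
        "next_second": matches_normalized(next_second, stored),
    }


if __name__ == "__main__":
    for name, revoked in demo().items():
        print(f"{name:22} revoked={revoked}")
```

Normalizing to whole seconds errs toward revoking: any token issued in the same second as the event is treated as revoked, which is the safer direction for a revocation check.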

