oss-sec mailing list archives
Re: CVE request for vulnerability in OpenStack Keystone
From: cve-assign () mitre org
Date: Fri, 15 Aug 2014 02:24:46 -0400 (EDT)
Multiple vulnerabilities in Keystone revocation events
https://launchpad.net/bugs/1347961
When MySQL is used to store revocation events, events are returned from the database with the timestamps truncated to the second. This causes a revocation event for a token (which has the issued_at timestamp to the microsecond) to not match
Use CVE-2014-5251.
https://launchpad.net/bugs/1348820
When the server converted a V2 token to a V3 token it regenerated the issued_at time ... This was causing the server to fail to revoke a V2 token
Use CVE-2014-5252.
https://launchpad.net/bugs/1349597
A token scoped to a domain wouldn't be revoked for a domain-wide revocation event.
Use CVE-2014-5253.
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
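The timestamp truncation described for bug 1347961 above, as an added illustration that is not code from Keystone or from this message: a simplified model of a revocation check in which the stored event time loses its fractional seconds while the token's issued_at keeps them. The function names, the "issued at or before the cutoff" matching rule and the sample timestamps are assumptions made for the example.

```python
from datetime import datetime

def store_roundtrip(ts: datetime) -> datetime:
    """Model a datetime column with whole-second precision (assumption):
    the fractional part is lost when the value is read back."""
    return ts.replace(microsecond=0)

def matches_naive(token_issued_at: datetime, event_issued_before: datetime) -> bool:
    """Assumed rule: an event covers tokens issued at or before its cutoff."""
    return token_issued_at <= event_issued_before

def matches_normalized(token_issued_at: datetime, event_issued_before: datetime) -> bool:
    """Compare both sides at the precision the store can actually keep.
    Fails closed: a token issued later in the same second also matches."""
    return store_roundtrip(token_issued_at) <= store_roundtrip(event_issued_before)

def demo() -> dict:
    # Constructed sample values, not taken from the bug report.
    issued_at = datetime(2014, 8, 5, 12, 0, 0, 250000)    # token, microsecond precision
    later_token = datetime(2014, 8, 5, 12, 0, 1, 100000)  # issued after the revocation
    event_in_memory = issued_at                 # cutoff as the server created it
    event_from_db = store_roundtrip(issued_at)  # cutoff after the database round trip
    return {
        "in_memory": matches_naive(issued_at, event_in_memory),
        "from_db_naive": matches_naive(issued_at, event_from_db),
        "from_db_normalized": matches_normalized(issued_at, event_from_db),
        "later_token_normalized": matches_normalized(later_token, event_from_db),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A regression test for this class of bug needs token timestamps with a non-zero fractional part and a backend that really truncates; an in-memory store that keeps microseconds will not show the mismatch.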