OpenStack Identity (Keystone) Multiple vulnerabilities in revocation events
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Description
Published by the National Vulnerability Database
Aug 25, 2014
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
May 14, 2024
Last updated
Nov 26, 2024
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.
References