VulnerableCode Package Details - pkg:deb/debian/keystone@2014.1.2.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-h1xa-f7tm-tudx	OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.	CVE-2014-5253 GHSA-77w8-qv8m-386h PYSEC-2014-109
VCID-hjrj-k1wk-jbha	The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.	CVE-2014-5251 GHSA-gmvp-5rf9-mxcm PYSEC-2014-107
VCID-s3gc-cxxf-63ed	The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.	CVE-2014-5252 GHSA-v8fq-gq9j-3v7h PYSEC-2014-108

Vulnerability

Summary

Aliases

VCID-h1xa-f7tm-tudx

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

CVE-2014-5253
GHSA-77w8-qv8m-386h
PYSEC-2014-109

VCID-hjrj-k1wk-jbha

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

CVE-2014-5251
GHSA-gmvp-5rf9-mxcm
PYSEC-2014-107

VCID-s3gc-cxxf-63ed

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

CVE-2014-5252
GHSA-v8fq-gq9j-3v7h
PYSEC-2014-108

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:03:35.830566+00:00	Debian Importer	Fixing	VCID-hjrj-k1wk-jbha	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:44:04.685005+00:00	Debian Importer	Fixing	VCID-s3gc-cxxf-63ed	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T08:39:29.542293+00:00	Debian Importer	Fixing	VCID-h1xa-f7tm-tudx	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T17:49:27.624442+00:00	Debian Importer	Fixing	VCID-s3gc-cxxf-63ed	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:49:27.581350+00:00	Debian Importer	Fixing	VCID-hjrj-k1wk-jbha	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T17:49:14.405442+00:00	Debian Importer	Fixing	VCID-h1xa-f7tm-tudx	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:28:03.331773+00:00	Debian Importer	Fixing	VCID-h1xa-f7tm-tudx	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:28:03.290573+00:00	Debian Importer	Fixing	VCID-s3gc-cxxf-63ed	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:28:03.249197+00:00	Debian Importer	Fixing	VCID-hjrj-k1wk-jbha	https://security-tracker.debian.org/tracker/data/json	38.1.0