VulnerableCode Package Details - pkg:rpm/redhat/openstack-keystone@2014.1.2.1-2?arch=el6ost

Search for packages

Vulnerability	Summary	Fixed by
VCID-h1xa-f7tm-tudx Aliases: CVE-2014-5253 GHSA-77w8-qv8m-386h PYSEC-2014-109	OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.	There are no reported fixed by versions.
VCID-hjrj-k1wk-jbha Aliases: CVE-2014-5251 GHSA-gmvp-5rf9-mxcm PYSEC-2014-107	The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.	There are no reported fixed by versions.
VCID-s3gc-cxxf-63ed Aliases: CVE-2014-5252 GHSA-v8fq-gq9j-3v7h PYSEC-2014-108	The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-h1xa-f7tm-tudx
Aliases:
CVE-2014-5253
GHSA-77w8-qv8m-386h
PYSEC-2014-109

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

There are no reported fixed by versions.

VCID-hjrj-k1wk-jbha
Aliases:
CVE-2014-5251
GHSA-gmvp-5rf9-mxcm
PYSEC-2014-107

The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for tokens to fail and allows remote authenticated users to retain access via an expired token.

There are no reported fixed by versions.

VCID-s3gc-cxxf-63ed
Aliases:
CVE-2014-5252
GHSA-v8fq-gq9j-3v7h
PYSEC-2014-108

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:46:44.186025+00:00	RedHat Importer	Affected by	VCID-hjrj-k1wk-jbha	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5251.json	38.0.0
2026-04-01T14:46:43.960604+00:00	RedHat Importer	Affected by	VCID-s3gc-cxxf-63ed	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5252.json	38.0.0
2026-04-01T14:46:43.919527+00:00	RedHat Importer	Affected by	VCID-h1xa-f7tm-tudx	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5253.json	38.0.0