CVE-2014-5253

Published: 15 August 2014

OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access via a domain-scoped token for that domain.

Priority

Medium

Status

Package: keystone (Launchpad, Ubuntu, Debian)

Release / Status
Upstream: Released (2014.1.2.1-1)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was released [1:2014.1.2.1-0ubuntu1.1])

Patches:
Upstream: https://review.openstack.org/112084 (icehouse)
Upstream: https://review.openstack.org/109820 (juno)