VYPR
High severityNVD Advisory· Published Aug 25, 2014· Updated Jun 17, 2026

CVE-2014-5252

CVE-2014-5252

Description

The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
keystonePyPI
< 8.0.0a08.0.0a0

Affected products

6
  • cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:openstack:keystone:2014.1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:2014.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:juno-1:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystone:juno-2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • ghsa-coords
    Range: < 8.0.0a0

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.