The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) prior to 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack python-keystoneclient 0.2.3 |
||
openstack python-keystoneclient 0.2.2 |
||
openstack python-keystoneclient 0.3.0 |
||
openstack python-keystoneclient 0.3.1 |
||
openstack python-keystoneclient 0.3.2 |
||
openstack python-keystoneclient |
||
openstack python-keystoneclient 0.2.4 |