Published: 15/04/2014 Updated: 16/12/2017

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) prior to 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

Vulnerable Product	Search on Vulmon	Subscribe to Product
openstack python-keystoneclient 0.2.3
openstack python-keystoneclient 0.2.2
openstack python-keystoneclient 0.3.0
openstack python-keystoneclient 0.3.1
openstack python-keystoneclient 0.3.2
openstack python-keystoneclient
openstack python-keystoneclient 0.2.4

Debian Bug report logs - #742898 CVE-2014-0105: Potential context confusion in Keystone middleware Package: python-keystoneclient; Maintainer for python-keystoneclient is Debian OpenStack <team+openstack@trackerdebianorg>; Source for python-keystoneclient is src:python-keystoneclient (PTS, buildd, popcon) Reported by: Thom ...

CWE-255 http://rhn.redhat.com/errata/RHSA-2014-0382.html https://bugs.launchpad.net/python-keystoneclient/+bug/1282865 http://www.openwall.com/lists/oss-security/2014/03/27/4 http://rhn.redhat.com/errata/RHSA-2014-0409.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742898 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-0105

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect