CVE-2014-0105
published 2014-04-15
Severity: medium, 6 (CVSS 3.1)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | keystone | < keystone 2013.1.1-2 (bookworm) | keystone 2013.1.1-2 (bookworm) |
| debian | python-keystoneclient | < keystone 2013.1.1-2 (bookworm) | keystone 2013.1.1-2 (bookworm) |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | keystone | >= 0 < 2013.1.1-2 | 2013.1.1-2 |
| openstack | python-keystoneclient | <= 0.4.2 | — |
| openstack | python-keystoneclient | — | — |
| openstack | python-keystoneclient | — | — |
| openstack | python-keystoneclient | — | — |
| openstack | python-keystoneclient | — | — |
| openstack | python-keystoneclient | — | — |
| openstack | python-keystoneclient | — | — |
| openstack | python-keystoneclient | >= 0 < 1:0.6.0-4 | 1:0.6.0-4 |
| openstack | python-keystoneclient | >= 0 < 1:0.6.0-4 | 1:0.6.0-4 |
| openstack | python-keystoneclient | >= 0 < 1:0.6.0-4 | 1:0.6.0-4 |
| openstack | python-keystoneclient | >= 0 < 1:0.6.0-4 | 1:0.6.0-4 |
| openstack | python-keystoneclient | >= 0 < 0.7.0 | 0.7.0 |
CVSS provenance
nvd: 6.0 MEDIUM, AV:N/AC:M/Au:S/C:P/I:P/A:P
osv: 6.0 MEDIUM