CVE-2014-0105: Insufficiently Protected Credentials in Python-keystoneclient

Severity
6.0 MEDIUM (NVD)
EPSS
0.4%
top 41.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 15
Latest update: May 17

Description

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 6.8 | Impact: 6.4

Affected Packages: 2 packages

Debian: openstack/keystone < 2013.1.1-2+3

Patches

🔴 Vulnerability Details (4)

OSV
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware | 2022-05-17
GHSA
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware | 2022-05-17
CVEList
CVE-2014-0105: The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0 | 2014-04-15
OSV
CVE-2014-0105: The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0 | 2014-04-15

📋 Vendor Advisories (2)

Red Hat
python-keystoneclient: Potential context confusion in Keystone middleware | 2014-03-27
Debian
CVE-2014-0105: keystone - The auth_token middleware in the OpenStack Python client library for Keystone (a... | 2014

💬 Community (3)

Bugzilla
CVE-2014-0105 python-keystoneclient: Potential context confusion in Keystone middleware [fedora-all] | 2014-03-28
Bugzilla
CVE-2014-0105 python-keystoneclient: Potential context confusion in Keystone middleware | 2014-03-28
Bugzilla
CVE-2014-0105 python-keystoneclient: Potential context confusion in Keystone middleware [epel-6] | 2014-03-28