Vulnerabilities for 'Python-keystoneclient'

2019-12-10
 
CVE-2013-2167

CWE-345
 

 
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

 
 
CVE-2013-2166

CWE-326
 

 
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

 
2016-02-03
 
CVE-2015-7546

 

 
The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers, which allows remote authenticated users to bypass intended access restrictions and gain access to cloud resources by manipulating byte fields within a revoked token.

 
2015-04-17
 
CVE-2015-1852

 

 
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

 
2014-10-02
 
CVE-2014-7144

 

 
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

 
2014-04-15
 
CVE-2014-0105

CWE-255
 

 
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

 
2014-01-21
 
CVE-2013-2104

CWE-264
 

 
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

 
2013-10-01
 
CVE-2013-2013

CWE-200
 

 
The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

 



Copyright 2022, cxsecurity.com

 
