Vulnerability in OpenStack python-keystoneclient
CVE-2014-0105
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in oppo…
EPSS: 0.005 (64.2th percentile)
Affected products
- OpenStack python-keystoneclient — versions 0.2.2, 0.2.3, 0.2.4
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- [oss-security] 20140327 [OSSA 2014-007] Potential context confusion in Keystone middleware (CVE-2014-0105) (mailing-list, x_refsource_MLIST, Patch)
- RHSA-2014:0382 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2014:0409 (x_refsource_REDHAT, vendor-advisory)