CVE-2014-0105

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

Published: Apr 15, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-0105
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-255

Affected Software
References

Software	From	Fixed in
openstack / python-keystoneclient	0.3.1	0.3.1.x
openstack / python-keystoneclient	0.2.2	0.2.2.x
openstack / python-keystoneclient	-	0.4.2.x
openstack / python-keystoneclient	0.3.0	0.3.0.x
openstack / python-keystoneclient	0.2.4	0.2.4.x
openstack / python-keystoneclient	0.3.2	0.3.2.x
openstack / python-keystoneclient	0.2.3	0.2.3.x

http://rhn.redhat.com/errata/RHSA-2014-0382.html
http://rhn.redhat.com/errata/RHSA-2014-0409.html
http://www.openwall.com/lists/oss-security/2014/03/27/4
https://bugs.launchpad.net/python-keystoneclient/+bug/1282865

Vulnerability Database

289,697

CVE-2014-0105