CVE-2014-0105

Currently unrated

Key Information:

Vendor: Openstack
Status: Python-keystoneclient
Vendor: CVE Published:; 15 April 2014

Summary

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

References

https://bugs.launchpad.net/python-keystoneclient/+bug/128...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/03/27/4

mailing-listx_refsource_MLIST

http://rhn.redhat.com/errata/RHSA-2014-0382.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Apr 15, 2014
Vulnerability Reserved
Dec 3, 2013