OpenStack Python Client Library Vulnerability in Keystone Middleware
CVE-2014-0105
Summary
The auth_token middleware in the OpenStack Python client library for Keystone (python-keystoneclient) before version 0.7.0 contains a flaw in how it retrieves user tokens from memcache. Remote authenticated users can exploit it to gain elevated privileges under certain conditions, in particular when a high volume of requests is made. The issue stems from the interaction between eventlet, a concurrent networking library, and python-memcached, which can be abused in multi-threaded scenarios.
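The defensive pattern this advisory points at is to stop a token cache from ever handing one request the data cached for another token. The following is an added illustration, not code from python-keystoneclient: it gives each lookup its own client from a pool instead of one shared connection, and it embeds the cache key inside the cached value so a crossed response is rejected as a miss. `FakeMemcacheClient`, its `crossed` flag, `ClientPool` and `TokenCache` are all constructed for this example.

```python
import hashlib
import queue

# Constructed stand-in for a memcache client. The bug class described above
# arises when one client is shared across concurrent callers; the "crossed"
# flag lets a test model a response that belongs to a different caller.
class FakeMemcacheClient:
    def __init__(self, store, crossed=None):
        self.store = store          # shared dict: key -> value
        self.crossed = crossed      # key whose value is wrongly returned
    def get(self, key):
        return self.store.get(self.crossed or key)
    def set(self, key, value):
        self.store[key] = value

class ClientPool:
    """Hand each request its own client so responses cannot interleave."""
    def __init__(self, factory, size):
        self._q = queue.Queue()
        for _ in range(size):
            self._q.put(factory())
    def acquire(self):
        return self._q.get()
    def release(self, client):
        self._q.put(client)

class TokenCache:
    """Caches validated-token data keyed by a token hash, verifying on read."""
    def __init__(self, pool):
        self.pool = pool
    @staticmethod
    def key_for(token):
        # Never use the raw token as a cache key; hash it first.
        return "tokens/" + hashlib.sha256(token.encode()).hexdigest()
    def store(self, token, token_data):
        key = self.key_for(token)
        client = self.pool.acquire()
        try:
            client.set(key, {"key": key, "data": token_data})
        finally:
            self.pool.release(client)
    def lookup(self, token):
        key = self.key_for(token)
        client = self.pool.acquire()
        try:
            entry = client.get(key)
        finally:
            self.pool.release(client)
        if entry is None:
            return None              # cache miss: validate with Keystone
        if entry.get("key") != key:
            return None              # crossed response: treat as a miss
        return entry["data"]
```

A lookup that returns `None` falls back to a fresh validation against Keystone, so a mismatched cache entry costs one extra round trip rather than a privilege escalation.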