OpenStack keystonemiddleware Vulnerability in Certification Verification
CVE-2015-1852
Currently unrated
Key Information:
- Vendor: OpenStack
- CVE Published: 17 April 2015
Summary
The s3_token middleware in OpenStack keystonemiddleware prior to version 1.6.0 and python-keystoneclient prior to 1.4.0 is susceptible to a critical flaw where the certification verification process is bypassed if the 'insecure' option is enabled in the paste configuration. This vulnerability exposes systems to potential man-in-the-middle attacks by allowing malicious actors to exploit crafted certificates, thereby compromising the integrity and confidentiality of data transmitted between clients and servers.