OpenStack keystonemiddleware Vulnerability in Certificate Verification
CVE-2015-1852

Currently unrated

Key Information:

Vendor: OpenStack
CVE Published: 17 April 2015

Summary

The s3_token middleware in OpenStack keystonemiddleware prior to version 1.6.0 and python-keystoneclient prior to 1.4.0 contains a critical flaw: certificate verification is bypassed if the 'insecure' option is enabled in the paste configuration. With verification bypassed, an attacker who presents a crafted certificate can conduct a man-in-the-middle attack, compromising the integrity and confidentiality of data transmitted between clients and servers.
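
A defensive check for the condition described in the summary, as an added example that is not code from OpenStack or from this page: it scans a paste configuration for s3_token filter sections that set `insecure`. The sample file and its section names are constructed, and reporting every occurrence of the option whatever its value is this example's choice.

```python
import configparser

# Factory strings that select the s3_token filter in a paste pipeline.
S3_TOKEN_FACTORIES = (
    "keystonemiddleware.s3_token:filter_factory",
    "keystoneclient.middleware.s3_token:filter_factory",
)

def audit_paste_config(text):
    """Return (section, raw_value) for each s3_token filter that sets 'insecure'.

    Paste hands option values to the filter as strings, so the raw text is
    reported as written instead of being interpreted as a boolean here.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if not section.startswith("filter:"):
            continue
        factory = parser.get(section, "paste.filter_factory", fallback="")
        if factory.strip() not in S3_TOKEN_FACTORIES:
            continue
        if parser.has_option(section, "insecure"):
            findings.append((section, parser.get(section, "insecure").strip()))
    return findings

# Constructed sample paste configuration (not taken from any real deployment).
SAMPLE = """\
[pipeline:main]
pipeline = s3token app

[filter:s3token]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
insecure = false

[filter:s3token_strict]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory

[filter:other]
paste.filter_factory = example.module:filter_factory
insecure = true
"""

if __name__ == "__main__":
    for section, value in audit_paste_config(SAMPLE):
        print(f"[{section}] sets insecure = {value!r}: review TLS verification")
```
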
