OpenStack keystonemiddleware Vulnerability in Certificate Verification
CVE-2015-1852

Currently unrated

What is CVE-2015-1852?

The s3_token middleware in OpenStack keystonemiddleware prior to version 1.6.0 and python-keystoneclient prior to 1.4.0 is susceptible to a critical flaw where certificate verification is bypassed if the 'insecure' option is enabled in the paste configuration. This exposes systems to man-in-the-middle attacks: an attacker can present a crafted certificate, compromising the integrity and confidentiality of data transmitted between clients and servers.
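A configuration audit for this issue, as an added example that is not keystonemiddleware's own code. The CVE record notes that verification is disabled whenever the option is set, regardless of its value; paste passes option values as strings, so `naive_verify` models that flaw class and `strict_verify` shows boolean parsing that fails closed. The function names and the sample paste.ini fragment are constructed for illustration.

```python
import configparser

# Constructed paste.ini fragment; the host name is a sample value.
SAMPLE_PASTE_INI = """
[filter:s3token]
paste.filter_factory = keystonemiddleware.s3_token:filter_factory
auth_host = keystone.example.test
insecure = false

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
"""

_TRUE = {"1", "t", "true", "on", "y", "yes"}


def naive_verify(conf):
    """Flawed pattern: truthiness test on the raw string.

    Any non-empty value, including "false", turns verification off.
    """
    return not conf.get("insecure", False)


def strict_verify(conf):
    """Hardened pattern: parse the option as a boolean.

    Only an explicit true value disables verification; unknown values fail closed.
    """
    raw = str(conf.get("insecure", "false")).strip().lower()
    return raw not in _TRUE


def audit_paste_ini(text):
    """Return (section, raw value, naive verify, strict verify) per section that sets 'insecure'."""
    parser = configparser.RawConfigParser()
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        if parser.has_option(section, "insecure"):
            conf = dict(parser.items(section))
            findings.append((section, conf["insecure"],
                             naive_verify(conf), strict_verify(conf)))
    return findings


if __name__ == "__main__":
    for section, raw, naive, strict in audit_paste_ini(SAMPLE_PASTE_INI):
        print(f"{section}: insecure={raw!r} naive_verify={naive} strict_verify={strict}")
```

On affected versions, any section the audit reports should be treated as running without certificate verification until the `insecure` line is removed or the package is upgraded.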

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved
