CVE-2014-0105
Published Apr 15, 2014
Last updated 7 years ago
Overview
- Description: The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
- Source: secalert@redhat.com
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6
- Impact score: 6.4
- Exploitability score: 6.8
- Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-255
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64435D7F-2446-4ACC-9545-1F97B5709255", "versionEndIncluding": "0.4.2" },
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "499E63B2-46EE-4DDF-9CA2-AE5A897D8AD0" },
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0FB2417-4422-42EB-B123-EAD571255ACA" },
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C35CE6E9-262A-4D24-8EF3-F8959DCE7923" },
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C710E27-36E5-4632-8CAC-650EBC851FA2" },
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "926AD421-75F9-4C70-BD5F-423E371FDB2B" },
          { "criteria": "cpe:2.3:a:openstack:python-keystoneclient:0.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22C8F21E-036B-4EAA-A135-33B94EE25DCE" }
        ],
        "operator": "OR"
      }
    ]
  }
]