CVE-2014-0105

Related Files

Red Hat Security Advisory 2014-0442-01

Posted Apr 29, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0442-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python

systems | linux, redhat

advisories | CVE-2014-0105

SHA-256 | 90de0d5d1901866aea6b25380c9b7653ebb6058d87fd37e433c3292b6ef4f1de

Download | Favorite | View

Red Hat Security Advisory 2014-0409-02

Posted Apr 17, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0409-02 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. The gluster-swift component, provided by Red Hat Storage, requires the auth_token middleware. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python

systems | linux, redhat

advisories | CVE-2014-0105

SHA-256 | debcf705b06b5d1037df044c9082983bed52386575c5808c293ec0369d358fea

Download | Favorite | View

Red Hat Security Advisory 2014-0382-01

Posted Apr 9, 2014

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0382-01 - Python-keystoneclient is a client library and a command line utility for interacting with the OpenStack Identity API. The OpenStack Identity auth_token middleware component handles the authentication of tokens with keystone. When using the auth_token middleware with the memcached token cache enabled, a token for a different identity could be returned. An authenticated user could use this flaw to escalate their privileges by making repeated requests that could eventually allow the user to acquire the administrator's identity. Note that only OpenStack Identity setups using auth_token with memcached were affected.

tags | advisory, python

systems | linux, redhat

advisories | CVE-2014-0105

SHA-256 | 297e1003410dcf60a89fdc9e38b34135aa67e5284db0c945d874f56b36d8ebcc

Download | Favorite | View