EUVD-2014-0030

Malware in sbrugna...

RHSA-2015:1677 Red Hat Security Advisory: python-keystoneclient and python-keystonemiddlware security update

Bulletin has no description...

OPENSUSE-SU-2024:10411-1 python-keystonemiddleware-4.9.0-1.3 on GA media

These are all security issues fixed in the python-keystonemiddleware-4.9.0-1.3 package on the GA media of openSUSE Tumbleweed...

SUSE CVE-2014-7144

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

SUSE CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

SUSE CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

keystonemiddleware (=1.3.2), python-ceilometerclient (=1.0.15) +3 more potentially affected by CVE-2014-7144 via python-keystoneclient (>=1.1.0 <=1.1.1)

python-keystoneclient PYPI version =1.1.0, =0.9.4, =0.9.9 - python-neutronclient =2.3.12 Source cves: CVE-2014-7144 Source advisory: OSV:GHSA-7F2C-VP52-GMFW...

OpenStack keystonemiddleware does not verify certificate

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

GHSA-7F2C-VP52-GMFW OpenStack keystonemiddleware does not verify certificate

OpenStack keystonemiddleware formerly python-keystoneclient 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct man-in-the-middle...

keystonemiddleware (>=1.3.2 <=1.5.3), python-ceilometerclient (>=1.0.14 <=1.1.2) +7 more potentially affected by CVE-2015-1852 via python-keystoneclient (>=1.1.0 <=1.3.4)

python-keystoneclient PYPI version =1.1.0, =1.3.2, =1.0.14, =1.1.2, =0.14.3, =0.9.4, =0.5.8, =2.23.2, =1.0.4, =1.0.5 Source cves: CVE-2015-1852 Source advisory: OSV:GHSA-P9WQ-MJH8-Q72M...

GHSA-P9WQ-MJH8-Q72M OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

OpenStack Identity Keystone and keystonemiddleware Insufficiently Protected Credentials

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

Man-in-the-Middle (MitM) Attacks

keystonemiddleware is vulnerable to man-in-the-middle MitM attacks. When the insecure option is set in the paste.ini file, keystonemiddleware will always disable certificate verification, regardless of the variables value...

DEBIAN-CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

CVE-2015-7546

The identity service in OpenStack Identity Keystone before 2015.1.3 Kilo and 8.0.x before 8.0.2 Liberty and keystonemiddleware formerly python-keystoneclient before 1.5.4 Kilo and Liberty before 2.3.3 does not properly invalidate authorization tokens when using the PKI or PKIZ token providers,...

keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored

It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware formerly python-keystoneclient were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true,...

[USN-2705-1] Keystone vulnerabilities

========================================================================== Ubuntu Security Notice USN-2705-1 August 06, 2015 python-keystoneclient, python-keystonemiddleware vulnerabilities ========================================================================== A security issue affects these...

Ubuntu: Security Advisory (USN-2705-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 22 : python-keystonemiddleware-1.3.2-1.fc22 (2015-11656)

Update to upstream 1.3.2 which incldes fix for CVE-2015-1852 Update to upstream 1.3.1 + S3token incorrect condition expression for sslinsecure CVE-2015-1852 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...