
5 matches found

OSV
added 2022/05/17 3:17 a.m., 22 views

GHSA-P9WQ-MJH8-Q72M OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

8.7 CVSS, 7.2 AI score, 0.02586 EPSS
Exploits 0, References 14

GitHub Security Blog
added 2022/05/17 3:17 a.m., 30 views

OpenStack keystonemiddleware and python-keystoneclient vulnerable to man-in-the-middle attacks

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

4.3 CVSS, 6.9 AI score, 0.02586 EPSS
Exploits 0, References 15, Affected Software 2

Veracode
added 2019/01/15 9:7 a.m., 22 views

Man-in-the-Middle (MitM) Attacks

The s3token middleware in python-keystoneclient is vulnerable to man-in-the-middle attacks. This vulnerability is caused when python-keystoneclient disables certificate verification when the "insecure" option is set in a paste.ini file regardless of the value...

4.3 CVSS, 5.8 AI score, 0.02586 EPSS
Exploits 0, References 13, Affected Software 2

NVD
added 2015/04/17 5:59 p.m., 20 views

CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

4.3 CVSS, 6.2 AI score, 0.02586 EPSS
Exploits 0, References 7

OSV
added 2015/04/17 5:59 p.m., 3 views

DEBIAN-CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration paste.ini file regardless of the value, which allows remote attackers to conduct...

4.3 CVSS, 7 AI score, 0.02586 EPSS
Exploits 0, References 1