7 matches found
CVE-2013-2166
The CVE-2013-2166 entry concerns python-keystoneclient versions 0.2.3 to 0.2.5, where the middleware memcache encryption bypass is documented. Multiple connected records (GHSA-C3XQ-CJ8F-7829 and OSV entries) confirm the same issue and reference advisories like RHSA-2013:0992. The vulnerability ce...
CVE-2015-1852
OpenStack keystonemiddleware and python-keystoneclient are vulnerable to a man-in-the-middle attack when the paste.ini configuration’s insecure option is used. Specifically, the s3_token middleware in keystonemiddleware (and python-keystoneclient) disables TLS certificate verification if insecure...
CVE-2013-2167
CVE-2013-2167 affects python-keystoneclient versions 0.2.3 through 0.2.5, where the middleware memcache signing bypass creates a security feature bypass vulnerability. Connected sources confirm the issue is described as a middleware signing bypass in that range of versions, with related advisorie...
CVE-2013-2104
CVE-2013-2104 affects python-keystoneclient = 0.2.4) as part of OpenStack/Keystone updates; multiple advisories reference this fix (e.g., RHSA-2013:0944, openSUSE/SUSE patches). Technical details and affected environments are corroborated across Nessus, OSV, and OSV.DEBIAN entries in the connecte...
CVE-2013-2013
CVE-2013-2013 affects python-keystoneclient prior to 0.2.4. The user-password-update command accepts the new password via the --password argument, allowing a local attacker to reveal the password by listing the process. Impact is local information disclosure; remediation is to upgrade to 0.2.4+ o...
CVE-2014-7144
OpenStack keystonemiddleware/python-keystoneclient (0.x <0.11.0; 1.x
CVE-2014-0105
The CVE-2014-0105 issue affects python-keystoneclient