Keystone vulnerabilities

2015-08-0600:00:00

ubuntu.com

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

7.5

Confidence

High

EPSS

0.004

Percentile

73.1%

JSON

Releases

Ubuntu 15.04
Ubuntu 14.04 ESM

Packages

python-keystoneclient - Client library for OpenStack Identity API
python-keystonemiddleware - Client library for OpenStack Identity API

Details

Qin Zhao discovered Keystone disabled certification verification when
the “insecure” option is set in a paste configuration (paste.ini)
file regardless of the value, which allows remote attackers to conduct
machine-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)

Brant Knudson discovered Keystone disabled certification verification when
the “insecure” option is set in a paste configuration (paste.ini)
file regardless of the value, which allows remote attackers to conduct
machine-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)

OSVersionArchitecturePackageVersionFilename
Ubuntu15.04noarchpython-keystoneclient< 1:1.2.0-0ubuntu1.1UNKNOWN
Ubuntu15.04noarchpython-keystonemiddleware< 1.5.0-0ubuntu1.1UNKNOWN
Ubuntu15.04noarchpython-keystonemiddleware-doc< 1.5.0-0ubuntu1.1UNKNOWN
Ubuntu14.04noarchpython-keystoneclient< 1:0.7.1-ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	15.04	noarch	python-keystoneclient	< 1:1.2.0-0ubuntu1.1	UNKNOWN
Ubuntu	15.04	noarch	python-keystonemiddleware	< 1.5.0-0ubuntu1.1	UNKNOWN
Ubuntu	15.04	noarch	python-keystonemiddleware-doc	< 1.5.0-0ubuntu1.1	UNKNOWN
Ubuntu	14.04	noarch	python-keystoneclient	< 1:0.7.1-ubuntu1.2	UNKNOWN