CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:S/C:P/I:P/A:P |

EPSS percentile: 71.2%

The auth_token middleware in the OpenStack Python client library for
Keystone (aka python-keystoneclient) before 0.7.0 does not properly
retrieve user tokens from memcache, which allows remote authenticated users
to gain privileges in opportunistic circumstances via a large number of
requests, related to an “interaction between eventlet and
python-memcached.”

Author | Note |
---|---|
jdstrand | According to upstream, this is difficult to reliably attack since it is dependent on server interactions code present in keystone in Essex and Folsom, python-keystoneclient in Grizzly and higher |