Skip to main content

Keystonemiddleware

3 CVEs product

Monthly

CVE-2015-7546 PyPI HIGH PATCH This Week

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Python Authentication Bypass Keystonemiddleware Keystone Solaris
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2015-1852 PyPI MEDIUM PATCH This Month

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware Python Keystoneclient Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7144 PyPI MEDIUM PATCH This Month

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware Python Keystoneclient
NVD
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Python Authentication Bypass Keystonemiddleware +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy