Skip to main content

Python Keystoneclient

5 CVEs product

Monthly

CVE-2015-1852 PyPI MEDIUM PATCH This Month

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware Python Keystoneclient Ubuntu Linux
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2014-7144 PyPI MEDIUM PATCH This Month

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware Python Keystoneclient
NVD
CVSS 2.0
4.3
EPSS
0.4%
CVE-2014-0105 PyPI MEDIUM PATCH This Month

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Python Authentication Bypass Python Keystoneclient
NVD VulDB
CVSS 2.0
6.0
EPSS
0.4%
CVE-2013-2104 PyPI MEDIUM PATCH This Month

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Python Keystoneclient
NVD
CVSS 2.0
5.5
EPSS
0.8%
CVE-2013-2013 PyPI LOW PATCH Monitor

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Python Keystoneclient
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware +2
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Python Information Disclosure Keystonemiddleware +1
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Python Authentication Bypass Python Keystoneclient
NVD VulDB
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Python Privilege Escalation Python Keystoneclient
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Python Information Disclosure Python Keystoneclient
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy