First published: Tue Apr 15 2014(Updated: )
A context confusion vulnerability was identified in Keystone auth_token middleware (shipped in python-keystoneclient) before 0.7.0. By doing repeated requests, with sufficient load on the target system, an authenticated user may in certain situations assume another authenticated user's complete identity and multi-tenant authorizations, potentially resulting in a privilege escalation. Note that it is related to a bad interaction between eventlet and python-memcached that should be avoided if the calling process already monkey-patches "thread" to use eventlet. Only keystone middleware setups using auth_token with memcache are vulnerable.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
pip/python-keystoneclient | <=0.6.0 | 0.7.0 |
OpenStack Keystone | <=0.4.2 | |
OpenStack Keystone | =0.2.2 | |
OpenStack Keystone | =0.2.3 | |
OpenStack Keystone | =0.2.4 | |
OpenStack Keystone | =0.3.0 | |
OpenStack Keystone | =0.3.1 | |
OpenStack Keystone | =0.3.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-0105 is considered to be a moderate severity vulnerability due to its potential for user impersonation under specific conditions.
To fix CVE-2014-0105, upgrade the python-keystoneclient to version 0.7.0 or later immediately.
Versions of python-keystoneclient before 0.7.0, specifically up to 0.6.0, are affected by CVE-2014-0105.
Users of the affected python-keystoneclient versions may be impacted, particularly in environments with high request loads.
CVE-2014-0105 is a context confusion vulnerability that allows authenticated users to potentially assume other users' identities.