python-keystoneclient 0.2.5 vulnerabilities

Known vulnerabilities in the python-keystoneclient package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
C Inadequate Encryption Strength python-keystoneclient is a client for the OpenStack Identity API, implemented by the Keystone team; it contains a Python API (the `keystoneclient` module) for OpenStack’s Identity Service Affected versions of this package are vulnerable to Inadequate Encryption Strength. It has middleware `memcache` encryption bypass. How to fix Inadequate Encryption Strength? Upgrade `python-keystoneclient` to version 0.3.0 or higher.	[0.2.3,0.3.0)
C Insufficient Verification of Data Authenticity python-keystoneclient is a client for the OpenStack Identity API, implemented by the Keystone team; it contains a Python API (the `keystoneclient` module) for OpenStack’s Identity Service Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to middleware memcache signing bypass. How to fix Insufficient Verification of Data Authenticity? Upgrade `python-keystoneclient` to version 0.3.0 or higher.	[0.2.3,0.3.0)
M Man-in-the-Middle (MitM) Affected versions of `python-keystoneclient` are vulnerable to Man-in-the-Middle (MitM) attacks. The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. How to fix Man-in-the-Middle (MitM)? Upgrade `python-keystoneclient` to version 1.4.0 or higher.	[,1.4.0)
M Access Restriction Bypass `python-keystoneclient` is a Client Library for OpenStack Identity The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached." How to fix Access Restriction Bypass? Upgrade to version `0.7.0` or greater.	[,0.7.0)

Vulnerability

Vulnerable Version

Inadequate Encryption Strength

python-keystoneclient is a client for the OpenStack Identity API, implemented by the Keystone team; it contains a Python API (the keystoneclient module) for OpenStack’s Identity Service

Affected versions of this package are vulnerable to Inadequate Encryption Strength. It has middleware memcache encryption bypass.

How to fix Inadequate Encryption Strength?

Upgrade python-keystoneclient to version 0.3.0 or higher.

[0.2.3,0.3.0)

Insufficient Verification of Data Authenticity

python-keystoneclient is a client for the OpenStack Identity API, implemented by the Keystone team; it contains a Python API (the keystoneclient module) for OpenStack’s Identity Service

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to middleware memcache signing bypass.

How to fix Insufficient Verification of Data Authenticity?

Upgrade python-keystoneclient to version 0.3.0 or higher.

[0.2.3,0.3.0)

Man-in-the-Middle (MitM)

Affected versions of python-keystoneclient are vulnerable to Man-in-the-Middle (MitM) attacks.

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

How to fix Man-in-the-Middle (MitM)?

Upgrade python-keystoneclient to version 1.4.0 or higher.

[,1.4.0)

Access Restriction Bypass

python-keystoneclient is a Client Library for OpenStack Identity The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

How to fix Access Restriction Bypass?

Upgrade to version 0.7.0 or greater.

[,0.7.0)

python-keystoneclient@0.2.5 vulnerabilities

Client Library for OpenStack Identity

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?