Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 8 of 8 results

CVE-2013-2167

Medium priority
Ignored

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

1 affected packages

python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
Show less packages

CVE-2013-2166

Low priority
Ignored

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

1 affected packages

python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
Show less packages

CVE-2013-2255

Low priority
Ignored

HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.

6 affected packages

cinder, keystone, nova, python-keystoneclient, quantum, swift

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cinder
keystone
nova
python-keystoneclient
quantum
swift
Show less packages

CVE-2015-1852

Medium priority

Some fixes available 3 of 5

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless...

2 affected packages

python-keystoneclient, python-keystonemiddleware

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
python-keystonemiddleware
Show less packages

CVE-2014-7144

Medium priority

Some fixes available 1 of 3

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the...

2 affected packages

python-keystoneclient, python-keystonemiddleware

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
python-keystonemiddleware
Show less packages

CVE-2014-0105

Low priority
Ignored

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain...

2 affected packages

keystone, python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone Not affected
python-keystoneclient Not affected
Show less packages

CVE-2013-2013

Low priority
Ignored

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

1 affected packages

python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-keystoneclient
Show less packages

CVE-2013-2104

Medium priority
Fixed

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a...

2 affected packages

keystone, python-keystoneclient

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
keystone
python-keystoneclient
Show less packages