VDB
DEBIAN-CVE-2014-0105
DEBIAN-CVE-2014-0105
PUBLISHED
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | python-keystoneclient | 0, 0, 0 |
| Debian:14 | keystone | 0, 0, 0 |
| Debian:13 | python-keystoneclient | 0, 0, 0 |
| Debian:13 | keystone | 0, 0, 0 |
| Debian:11 | keystone | 0, 0, 0 |
| Debian:11 | python-keystoneclient | 0, 0, 0 |
| Debian:14 | python-keystoneclient | 0, 0, 0 |
| Debian:12 | keystone | 0, 0, 0 |
Timeline
- Apr 15, 2014 CVE Published
- Apr 28, 2026 CVE Updated