
Kspear

Researcher from University of Melbourne
#44227 of 53,624
6 Total CVSS
Vulnerabilities · 1
PT-2014-3479
6.0
2014-04-15
Eventlet · Eventlet · CVE-2014-0105
**Name of the Vulnerable Software and Affected Versions**

python-keystoneclient versions prior to 0.7.0

**Description**

A context confusion issue exists in the Keystone auth token middleware, allowing remote authenticated users to potentially gain privileges under certain circumstances. This is related to a bad interaction between eventlet and python-memcached. By making repeated requests with sufficient load on the target system, an authenticated user may assume another authenticated user's complete identity and multi-tenant authorizations, potentially resulting in privilege escalation. This issue affects keystone middleware setups using auth token with memcache.

**Recommendations**

For versions prior to 0.7.0, update to version 0.7.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of memcache with the auth token middleware or restricting the load on the target system to minimize the risk of exploitation.