PT-2019-6882 · Openstack · Python-Keystoneclient

Paul Mcmillan

·

Published

2019-12-10

·

Updated

2023-02-13

·

CVE-2013-2167

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions python-keystoneclient versions 0.2.3 through 0.2.5
Description The issue concerns a middleware memcache signing bypass in the python-keystoneclient.
Recommendations For python-keystoneclient versions 0.2.3 through 0.2.5, update to a version outside of the affected range to resolve the issue.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-345

Related Identifiers

CVE-2013-2167
GHSA-9VG3-CF92-H2H7
PYSEC-2019-161
RHSA-2013:0992

Affected Products

Python-Keystoneclient