CVE-2014-0105
Description
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an interaction between eventlet and python-memcached.
Risk Information
Base Score
6.0
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.371
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2014-0105 are fixed in Python-python-keystoneclient 0.7.0 | Windows |
| Vulnerabilities CVE-2014-0105 are fixed in Python-python-keystoneclient for linux 0.7.0 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234