OpenStack Python Keystoneclient
By the Year
In 2024 there have been 0 vulnerabilities in OpenStack Python Keystoneclient . Python Keystoneclient did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 9.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Python Keystoneclient vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent OpenStack Python Keystoneclient Security Vulnerabilities
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
CVE-2013-2166
9.8 - Critical
- December 10, 2019
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass
Inadequate Encryption Strength
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
CVE-2013-2167
9.8 - Critical
- December 10, 2019
python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass
Insufficient Verification of Data Authenticity
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which
CVE-2015-1852
- April 17, 2015
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
DEPRECATED: Code
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which
CVE-2013-2104
- January 21, 2014
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
Permissions, Privileges, and Access Controls
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for OpenStack Python Keystoneclient or by OpenStack? Click the Watch button to subscribe.
