date: 2014-03-27

id: OSSA-2014-007

title: 'Potential context confusion in Keystone middleware'

description: 'Kieran Spear from the University of Melbourne reported a vulnerability
  in Keystone auth_token middleware (shipped in python-keystoneclient). By doing repeated
  requests, with sufficient load on the target system, an authenticated user may in
  certain situations assume another authenticated user''s complete identity and multi-tenant
  authorizations, potentially resulting in a privilege escalation. Note that it is
  related to a bad interaction between eventlet and python-memcached that should be
  avoided if the calling process already monkey-patches "thread" to use eventlet.
  Only keystone middleware setups using auth_token with memcache are vulnerable.'

reference: http://lists.openstack.org/pipermail/openstack-announce/2014-March/000211.html

affected-products:

  - product: python-keystoneclient
    version: All versions up to 0.6.0

vulnerabilities:

  - cve-id: CVE-2014-0105
    impact-assessment:
      source: 'Red Hat Product Security'
      rating: important
      assessment:
        type: CVSS2
        score: 4.3
        detail: AV:N/AC:M/Au:N/C:N/I:P/A:N
    classification:
      source: 'Red Hat Product Security'
      type: CWE
      detail: TODO

reporters:

  - name: 'Kieran Spear'
    affiliation: 'University of Melbourne'
    reported:
      - CVE-2014-0105

issues:

  links:
    - https://launchpad.net/bugs/1282865

  type: launchpad

reviews:

  python-keystoneclient-0.7.0:
    - https://review.openstack.org/#/c/81078

  type: gerrit