Low severityNVD Advisory· Published Apr 15, 2014· Updated May 6, 2026
CVE-2014-0105
CVE-2014-0105
Description
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
python-keystoneclientPyPI | < 0.7.0 | 0.7.0 |
Affected products
7cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*range: <=0.4.2
- cpe:2.3:a:openstack:python-keystoneclient:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:python-keystoneclient:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:python-keystoneclient:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:python-keystoneclient:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:python-keystoneclient:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:python-keystoneclient:0.3.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.openwall.com/lists/oss-security/2014/03/27/4nvdPatchWEB
- bugs.launchpad.net/python-keystoneclient/+bug/1282865nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-gwvq-rgqf-993fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0105ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2014-0382.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2014-0409.htmlnvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/python-keystoneclient/PYSEC-2014-70.yamlghsaWEB
- review.opendev.org/c/openstack/python-keystoneclient/+/81078ghsaWEB
News mentions
0No linked articles in our index yet.