VYPR
High severityNVD Advisory· Published Oct 2, 2014· Updated Jun 17, 2026

CVE-2014-7144

CVE-2014-7144

Description

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
keystonemiddlewarePyPI
< 0.11.00.11.0
keystonemiddlewarePyPI
>= 1.0, < 1.2.01.2.0
python-keystoneclientPyPI
< 0.11.00.11.0
python-keystoneclientPyPI
>= 1.0, < 1.2.01.2.0

Affected products

6

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.