VYPR
Get started
← All advisories
High severityNVD Advisory· Published Oct 2, 2014· Updated May 6, 2026

CVE-2014-7144

CVE-2014-7144

Description

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
keystonemiddlewarePyPI
< 0.11.00.11.0
keystonemiddlewarePyPI
>= 1.0, < 1.2.01.2.0
python-keystoneclientPyPI
< 0.11.00.11.0
python-keystoneclientPyPI
>= 1.0, < 1.2.01.2.0

Affected products

4
  • OpenStack/Keystonemiddleware3 versions
    cpe:2.3:a:openstack:keystonemiddleware:1.0.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:openstack:keystonemiddleware:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystonemiddleware:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:openstack:keystonemiddleware:1.1.1:*:*:*:*:*:*:*
  • OpenStack/Python Keystoneclient
    cpe:2.3:a:openstack:python-keystoneclient:*:*:*:*:*:*:*:*
    Range: <=0.10.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.