QID 994906
Date Published: 2023-08-21
QID 994906: Python (Pip) Security Update for keystonemiddleware (GHSA-7f2c-vp52-gmfw)
OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.
Solution
Refer to Github security advisory GHSA-7f2c-vp52-gmfw for updates and patch information.
Vendor References
- GHSA-7f2c-vp52-gmfw -
github.com/advisories/GHSA-7f2c-vp52-gmfw
CVEs related to QID 994906
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| GHSA-7f2c-vp52-gmfw | keystonemiddleware |
|