—
PYSEC-2014-69
Details
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / python-keystoneclient
Introduced in:
0 Fixed in: 0.2.4 Fix
pip install --upgrade 'python-keystoneclient>=0.2.4' References
- https://bugs.launchpad.net/python-keystoneclient/+bug/1179615 [WEB]
- http://www.openwall.com/lists/oss-security/2013/05/28/7 [WEB]
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00198.html [WEB]
- http://www.ubuntu.com/usn/USN-1875-1 [ADVISORY]
- http://rhn.redhat.com/errata/RHSA-2013-0944.html [ADVISORY]
- http://www.ubuntu.com/usn/USN-1851-1 [ADVISORY]