VulnerableCode Package Details - pkg:deb/debian/python-keystoneclient@1:4.1.1-2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-44u3-6h7t-dbah	The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."	CVE-2014-0105 GHSA-gwvq-rgqf-993f PYSEC-2014-70
VCID-5st1-zx32-3yfw	The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.	CVE-2015-1852 GHSA-p9wq-mjh8-q72m PYSEC-2015-30 PYSEC-2015-31
VCID-79rs-7766-4ycf	OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.	CVE-2014-7144 GHSA-7f2c-vp52-gmfw PYSEC-2014-26 PYSEC-2014-71
VCID-8yta-5ta1-fkfm	python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass	CVE-2013-2166 GHSA-c3xq-cj8f-7829 PYSEC-2019-197
VCID-d5eh-h7qr-9kbt	python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass	CVE-2013-2167 GHSA-9vg3-cf92-h2h7 PYSEC-2019-161
VCID-p776-3n3m-wkhz	python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.	CVE-2013-2104 GHSA-4rrr-j7ff-r844 PYSEC-2014-69
VCID-ryxy-ymcn-3bhr	The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.	CVE-2013-2013 GHSA-8q2m-pwxf-jc7g PYSEC-2013-24

Vulnerability

Summary

Aliases

VCID-44u3-6h7t-dbah

The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authenticated users to gain privileges in opportunistic circumstances via a large number of requests, related to an "interaction between eventlet and python-memcached."

CVE-2014-0105
GHSA-gwvq-rgqf-993f
PYSEC-2014-70

VCID-5st1-zx32-3yfw

The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.

CVE-2015-1852
GHSA-p9wq-mjh8-q72m
PYSEC-2015-30
PYSEC-2015-31

VCID-79rs-7766-4ycf

OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x before 0.11.0 and 1.x before 1.2.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.

CVE-2014-7144
GHSA-7f2c-vp52-gmfw
PYSEC-2014-26
PYSEC-2014-71

VCID-8yta-5ta1-fkfm

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass

CVE-2013-2166
GHSA-c3xq-cj8f-7829
PYSEC-2019-197

VCID-d5eh-h7qr-9kbt

python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass

CVE-2013-2167
GHSA-9vg3-cf92-h2h7
PYSEC-2019-161

VCID-p776-3n3m-wkhz

python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.

CVE-2013-2104
GHSA-4rrr-j7ff-r844
PYSEC-2014-69

VCID-ryxy-ymcn-3bhr

The user-password-update command in python-keystoneclient before 0.2.4 accepts the new password in the --password argument, which allows local users to obtain sensitive information by listing the process.

CVE-2013-2013
GHSA-8q2m-pwxf-jc7g
PYSEC-2013-24

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:36:24.396721+00:00	Debian Importer	Fixing	VCID-d5eh-h7qr-9kbt	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:23:19.343807+00:00	Debian Importer	Fixing	VCID-5st1-zx32-3yfw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:49:15.384613+00:00	Debian Importer	Fixing	VCID-44u3-6h7t-dbah	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:41:43.361317+00:00	Debian Importer	Fixing	VCID-8yta-5ta1-fkfm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:17:34.959827+00:00	Debian Importer	Fixing	VCID-p776-3n3m-wkhz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:13:29.429291+00:00	Debian Importer	Fixing	VCID-ryxy-ymcn-3bhr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:08:39.135438+00:00	Debian Importer	Fixing	VCID-79rs-7766-4ycf	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:38:10.217419+00:00	Debian Importer	Fixing	VCID-d5eh-h7qr-9kbt	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:45:21.493171+00:00	Debian Importer	Fixing	VCID-5st1-zx32-3yfw	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:19:30.211927+00:00	Debian Importer	Fixing	VCID-44u3-6h7t-dbah	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:14:05.272087+00:00	Debian Importer	Fixing	VCID-8yta-5ta1-fkfm	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:55:34.259835+00:00	Debian Importer	Fixing	VCID-p776-3n3m-wkhz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:52:28.199159+00:00	Debian Importer	Fixing	VCID-ryxy-ymcn-3bhr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:48:49.175700+00:00	Debian Importer	Fixing	VCID-79rs-7766-4ycf	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:49.426889+00:00	Debian Importer	Fixing	VCID-5st1-zx32-3yfw	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:49.367605+00:00	Debian Importer	Fixing	VCID-79rs-7766-4ycf	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:49.307978+00:00	Debian Importer	Fixing	VCID-44u3-6h7t-dbah	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:49.249118+00:00	Debian Importer	Fixing	VCID-d5eh-h7qr-9kbt	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:49.191744+00:00	Debian Importer	Fixing	VCID-8yta-5ta1-fkfm	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:49.136754+00:00	Debian Importer	Fixing	VCID-p776-3n3m-wkhz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:49.081067+00:00	Debian Importer	Fixing	VCID-ryxy-ymcn-3bhr	https://security-tracker.debian.org/tracker/data/json	38.1.0