Search for packages
| purl | pkg:rpm/redhat/python-keystoneclient@1:0.11.1-2?arch=el7ost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5st1-zx32-3yfw
Aliases: CVE-2015-1852 GHSA-p9wq-mjh8-q72m PYSEC-2015-30 PYSEC-2015-31 |
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:41:33.096253+00:00 | RedHat Importer | Affected by | VCID-5st1-zx32-3yfw | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1852.json | 38.0.0 |