Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenStack keystone 代码问题漏洞
Vulnerability Description
OpenStack是美国美国国家航空航天局(NASA)的一个云平台管理项目。OpenStack Keystone是使用在OpenStack中的一个用于管理身份验证、服务规则和服务令牌功能的模块。 OpenStack keystone 1.6.0之前版本和python-keystoneclient 1.4.0之前版本存在代码问题漏洞。远程攻击者利用该漏洞通过特制的证书实施中间人攻击。
CVSS Information
N/A
Vulnerability Type
N/A