PYSEC-2014-106

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2014-106.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-106

Aliases

CVE-2014-2828
GHSA-6mv3-p2gr-wgqf

Published

2014-04-15T14:55:00Z

Modified

2024-11-25T22:42:19.102752Z

Summary

[none]

Details

The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the same authentication method in a request, aka "authentication chaining."

References

http://www.openwall.com/lists/oss-security/2014/04/10/20
https://bugs.launchpad.net/keystone/+bug/1300274
http://rhn.redhat.com/errata/RHSA-2014-1688.html

Affected packages

PyPI / keystone

Package

Name: keystone; View open source insights on deps.dev
Purl: pkg:pypi/keystone

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.0.0a0