CVE-2015-1852
keystonemiddleware/keystoneclient: S3Token TLS cert verification option not honored
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate, a different vulnerability than CVE-2014-7144.
El middleware s3_token en OpenStack keystonemiddleware anterior a 1.6.0 y python-keystoneclient anterior a 1.4.0 deshabilita la verificación de certificados cuando la opción 'inseguro' esté configurada en un fichero de configuración paste (paste.ini) independientemente de su valor, lo que permite a atacantes remotos realizar ataques man-in-the-middle a través de un certificado manipulado, una vulnerabilidad diferente a CVE-2014-7144.
It was discovered that some items in the S3Token paste configuration as used by python-keystonemiddleware (formerly python-keystoneclient) were incorrectly evaluated as strings, an issue similar to CVE-2014-7144. If the "insecure" option were set to "false", the option would be evaluated as true, resulting in TLS connections being vulnerable to man-in-the-middle attacks.
Note: the "insecure" option defaults to false, so setups that do not specifically define "insecure=false" are not affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-02-17 CVE Reserved
- 2015-04-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-17: DEPRECATED: Code
- CWE-295: Improper Certificate Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/74187 | Third Party Advisory | |
| https://bugs.launchpad.net/keystonemiddleware/+bug/1411063 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.openstack.org/pipermail/openstack-announce/2015-April/000350.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2015-1677.html | 2023-02-13 | |
| http://rhn.redhat.com/errata/RHSA-2015-1685.html | 2023-02-13 | |
| http://www.ubuntu.com/usn/USN-2705-1 | 2023-02-13 | |
| https://access.redhat.com/security/cve/CVE-2015-1852 | 2015-08-25 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1209527 | 2015-08-25 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openstack Search vendor "Openstack" | Keystonemiddleware Search vendor "Openstack" for product "Keystonemiddleware" | <= 1.5.0 Search vendor "Openstack" for product "Keystonemiddleware" and version " <= 1.5.0" | - |
Affected
| ||||||
| Openstack Search vendor "Openstack" | Python-keystoneclient Search vendor "Openstack" for product "Python-keystoneclient" | <= 1.3.0 Search vendor "Openstack" for product "Python-keystoneclient" and version " <= 1.3.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||