[OSSA 2015-007] S3token incorrect condition expression for ssl_insecure (CVE-2015-1852)
Bug #1411063 reported by
Brant Knudson
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Advisory |
Fix Released
|
High
|
Tristan Cacqueray | ||
keystonemiddleware |
Fix Released
|
Critical
|
Tristan Cacqueray | ||
Juno |
Fix Released
|
Critical
|
Brant Knudson | ||
Kilo |
Fix Released
|
Critical
|
Brant Knudson | ||
python-keystoneclient |
Fix Released
|
Critical
|
Unassigned | ||
Kilo |
Fix Released
|
Critical
|
Brant Knudson |
Bug Description
Remember bug 1353315? The auth_token middleware would not verify the server cert when insecure=false in api-paste.ini because it passes the value as a string rather than a Boolean. Turns out he s3_token middleware has the same code.
http://
insecure = conf.get(
if insecure:
self._verify = False
conf is a dict of strings, so if you set insecure=false, then insecure here gets set to "false", which evaluates to True since it's not a zero-length string.
CVE References
description: | updated |
Changed in ossa: | |
importance: | Undecided → High |
status: | Incomplete → Confirmed |
summary: |
- S3token incorrect condition expression for ssl_insecure + S3token incorrect condition expression for ssl_insecure (CVE-2015-1852) |
Changed in ossa: | |
status: | Triaged → Fix Committed |
information type: | Private Security → Public Security |
Changed in python-keystoneclient: | |
status: | New → Fix Committed |
summary: |
- S3token incorrect condition expression for ssl_insecure (CVE-2015-1852) + [OSSA 2015-007] S3token incorrect condition expression for ssl_insecure + (CVE-2015-1852) |
Changed in ossa: | |
status: | Fix Committed → Fix Released |
Changed in keystonemiddleware: | |
milestone: | none → 1.6.0 |
Changed in keystonemiddleware: | |
status: | Fix Committed → Fix Released |
Changed in python-keystoneclient: | |
milestone: | none → 1.4.0 |
Changed in python-keystoneclient: | |
importance: | Undecided → Critical |
Changed in python-keystoneclient: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Yep. Good catch, classified this as appropriate.