Comment 13 for bug 1282865

Tristan Cacqueray (tristan-cacqueray) wrote : Re: Keystone middleware may confuse contexts

I assumed any authenticated request could result in a context swap.
Memcached_server appeared in 0.2.3 (git grep memcached_servers 0.2.2 0.2.3).

@Kieran: Please correct me if I'm wrong about the University of Melbourne credit.

Draft impact description #1 -

Title: Privilege escalation in auth_token middleware
Reporter: Kieran Spear (University of Melbourne)
Products: python-keystoneclient
Versions: version 0.2.3 up to 0.6.0

Description:
Kieran Spear from the University of Melbourne reported a vulnerability in python-keystoneclient auth_token middleware. By doing repeated authenticated requests, with sufficient load on the target system, an authenticated user can inherit another authenticated user's role, resulting in a privilege escalation. Note that it is related to a bad interaction between auth_token and eventlet that is fixed if the process uses eventlet thread monkey patching. Only setups using auth_token with memcache are vulnerable.