I assumed any authenticated requests could result in a context swap.
Memcached_server appeared in 0.2.3 (git grep memcached_servers 0.2.2 0.2.3).
@Kieran: Please correct me if I'm wrong about the University of Melbourne credit.
Draft impact description #1 -
Title: Privilege escalation in auth_token middleware
Reporter: Kieran Spear (University of Melbourne)
Products: python-keystoneclient
Versions: 0.2.3 up to 0.6.0
Description:
Kieran Spear from the University of Melbourne reported a vulnerability in python-keystoneclient auth_token middleware. By doing repeated authenticated requests, with sufficient load on the target system, an authenticated user can inherit another authenticated user's role resulting in a privilege escalation. Note that it is related to a bad interaction between auth_token and eventlet that is fixed if the process used eventlet thread monkey patching. Only setups using auth_token with memcache are vulnerable.