Incorrect condition expression for ssl_insecure (CVE-2014-7144)
Bug #1353315 reported by Qin Zhao
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| OpenStack Security Advisory | Fix Released | Medium | Grant Murphy | |
| keystonemiddleware | Fix Released | High | wanghong | |
| python-keystoneclient | Fix Released | High | Qin Zhao | |
Bug Description
In auth_token.py, _http_request(), self.ssl_insecure is a string. If the insecure option is set in nova api-paste.ini, whether it is 'true' or 'false', kwargs['verify'] will become False.
if self.ssl_insecure:
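
The condition described above, as an added example that is not part of the original report or the project's code: it shows why a string option makes the truthiness test disable verification, next to a strict parse. The INI fragment is constructed, and `parse_bool`, `verify_flag_buggy`, `verify_flag_fixed`, `load_insecure` and the accepted true/false spellings are hypothetical names and assumptions.

```python
import configparser

# Constructed api-paste.ini fragment. Option values reach the filter as plain
# strings, which configparser reproduces here.
SAMPLE_INI = """
[filter:authtoken]
insecure = false
"""

# Assumed set of accepted spellings; anything else is rejected.
TRUE_STRINGS = {"1", "t", "true", "on", "y", "yes"}
FALSE_STRINGS = {"0", "f", "false", "off", "n", "no"}


def parse_bool(value, default=False):
    """Strictly convert a config value to bool (hypothetical helper)."""
    if isinstance(value, bool):
        return value
    if value is None:
        return default
    text = str(value).strip().lower()
    if text in TRUE_STRINGS:
        return True
    if text in FALSE_STRINGS:
        return False
    raise ValueError("not a boolean: %r" % (value,))


def verify_flag_buggy(ssl_insecure):
    """Condition from the report: any non-empty string turns verify off."""
    verify = True
    if ssl_insecure:  # 'false' is a non-empty string, so this is truthy
        verify = False
    return verify


def verify_flag_fixed(ssl_insecure):
    """Parse first; an unrecognised value raises instead of disabling TLS checks."""
    return not parse_bool(ssl_insecure)


def load_insecure(ini_text=SAMPLE_INI):
    """Read the 'insecure' option from the constructed fragment as a string."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return parser.get("filter:authtoken", "insecure", fallback=None)


if __name__ == "__main__":
    raw = load_insecure()
    print(repr(raw), verify_flag_buggy(raw), verify_flag_fixed(raw))
```
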
CVE References
| Changed in ossa: | |
| importance: | Undecided → Medium |
| status: | Incomplete → Confirmed |
| no longer affects: | ossn |
| Changed in ossa: | |
| assignee: | nobody → Grant Murphy (gmurphy) |
| Changed in keystonemiddleware: | |
| milestone: | none → 1.2.0 |
| Changed in python-keystoneclient: | |
| milestone: | none → 0.11.0 |
| Changed in python-keystoneclient: | |
| status: | Triaged → In Progress |
| Changed in ossa: | |
| status: | Triaged → In Progress |
| Changed in python-keystoneclient: | |
| milestone: | none → 0.11.0 |
| Changed in python-keystoneclient: | |
| status: | Fix Committed → Fix Released |
| Changed in keystonemiddleware: | |
| status: | Fix Committed → Fix Released |

Fix proposed to branch: master
Review: https://review.openstack.org/112232