Incorrect condition expression for ssl_insecure (CVE-2014-7144)
Bug #1353315 reported by
Qin Zhao
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Advisory |
Fix Released
|
Medium
|
Grant Murphy | ||
keystonemiddleware |
Fix Released
|
High
|
wanghong | ||
python-keystoneclient |
Fix Released
|
High
|
Qin Zhao |
Bug Description
In auth_token.py, _http_request(), self.ssl_insecure is a string. If insecure option is set in nova api-paste.ini, whatever it is 'true' or 'false', kwargs['verify'] will become False.
if self.ssl_insecure:
CVE References
Changed in ossa: | |
importance: | Undecided → Medium |
status: | Incomplete → Confirmed |
no longer affects: | ossn |
Changed in ossa: | |
assignee: | nobody → Grant Murphy (gmurphy) |
Changed in keystonemiddleware: | |
milestone: | none → 1.2.0 |
Changed in python-keystoneclient: | |
milestone: | none → 0.11.0 |
Changed in python-keystoneclient: | |
status: | Triaged → In Progress |
Changed in ossa: | |
status: | Triaged → In Progress |
Changed in python-keystoneclient: | |
milestone: | none → 0.11.0 |
Changed in python-keystoneclient: | |
status: | Fix Committed → Fix Released |
Changed in keystonemiddleware: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/112232
Review: https:/