{"id":"USN-2705-1","summary":"python-keystoneclient, python-keystonemiddleware vulnerabilities","details":"Qin Zhao discovered Keystone disabled certification verification when\nthe \"insecure\" option is set in a paste configuration (paste.ini)\nfile regardless of the value, which allows remote attackers to conduct\nmachine-in-the-middle attacks via a crafted certificate. (CVE-2014-7144)\n\nBrant Knudson discovered Keystone disabled certification verification when\nthe \"insecure\" option is set in a paste configuration (paste.ini)\nfile regardless of the value, which allows remote attackers to conduct\nmachine-in-the-middle attacks via a crafted certificate. (CVE-2015-1852)\n","modified":"2026-02-10T04:40:55Z","published":"2015-08-06T04:10:00Z","related":["UBUNTU-CVE-2014-7144","UBUNTU-CVE-2015-1852"],"upstream":["CVE-2014-7144","CVE-2015-1852","UBUNTU-CVE-2014-7144","UBUNTU-CVE-2015-1852"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-2705-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-7144"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-1852"}],"affected":[{"package":{"name":"python-keystoneclient","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/python-keystoneclient@1:0.7.1-ubuntu1.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:0.7.1-ubuntu1.2"}]}],"versions":["1:0.3.2-0ubuntu1","1:0.4.1-0ubuntu1","1:0.4.2-0ubuntu1","1:0.6.0-0ubuntu1","1:0.7.1-ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"python-keystoneclient","binary_version":"1:0.7.1-ubuntu1.2"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[{"id":"CVE-2014-7144","severity":[{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2015-1852","severity":[{"score":"medium","type":"Ubuntu"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-2705-1.json"}}],"schema_version":"1.7.3"}