keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre-creating this directory, which is reused by Nova, as demonstrated using /tmp/keystone-signing-nova on Fedora.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| python-keystoneclient(PyPI) | 0 | 0.2.4 | N/A |
CVSS Metrics
