-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from insecure handling of the signing_dir in the auth_token middleware. The original code in AuthMiddleware's init method created the directory without atomic safe creation (leading to TOCTOU races) and did not validate ownership or enforce strict permissions on existing directories. The patch introduced checks for ownership and permissions, and used os.makedirs() with secure modes. The default configuration in api-paste.ini exacerbated the issue by specifying /tmp/keystone-signing-nova, but the core vulnerability resided in the directory handling logic within the AuthMiddleware initialization.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| python-keystoneclient | pip | < 0.2.4 | 0.2.4 |
Ongoing coverage of React2Shell