Описание
Python Swift client is vulnerable to Missing SSL Certificate Check
The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-6396
- https://github.com/openstack/python-swiftclient/commit/b182112719ab87942472e44aa3446ea0eb19a289
- https://bugs.launchpad.net/python-swiftclient/+bug/1199783
- https://github.com/pypa/advisory-database/tree/main/vulns/python-swiftclient/PYSEC-2014-12.yaml
- https://review.opendev.org/c/openstack/python-swiftclient/+/69187
- http://www.openwall.com/lists/oss-security/2014/02/17/7
Пакеты
python-swiftclient
>= 1.0, < 2.0
2.0
Связанные уязвимости
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...