Описание
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
Отчет
The Red Hat Security Response Team has rated this issue as having Moderate security impact in Red Hat Enterprise Linux OpenStack Platform 3 however fixing this issue would require a change to default behavior. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 3 | python-swiftclient | Affected | ||
| Red Hat OpenStack Platform 4 | python-swiftclient | Affected |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...
Python Swift client is vulnerable to Missing SSL Certificate Check
4.3 Medium
CVSS2