Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1wM3h2LTk3ZzgtNHdtas4AAewz

Critical CVSS: 9.3 EPSS: 0.00137% (0.34486 Percentile) EPSS:
Permalink JSON

Python Swift client is vulnerable to Missing SSL Certificate Check

Affected Packages Affected Versions Fixed Versions
pypi:python-swiftclient
PURL: pkg:pypi/python-swiftclient
>= 1.0, < 2.0 2.0
63 Dependent packages
1,824 Dependent repositories
498,564 Downloads last month

Affected Version Ranges

All affected versions

1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0

All unaffected versions

2.0.1, 2.0.2, 2.0.3, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.5.0, 2.6.0, 2.7.0, 3.0.0, 3.1.0, 3.2.0, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.10.0, 3.10.1, 3.11.0, 3.11.1, 3.12.0, 3.13.0, 3.13.1, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0

The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

References:

Identifiers

GHSA-p3xv-97g8-4wmj

CVE-2013-6396

Risk

Severity

Critical

CVSS

CVSS Score: 9.3

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00137

EPSS Percentile: 0.34486

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/openstack/python-swiftclient

Date and time

Published

over 3 years ago

Updated

about 2 months ago

API

JSON