
Python Swift client is vulnerable to Missing SSL Certificate Check

Moderate severity GitHub Reviewed Published May 17, 2022 to the GitHub Advisory Database • Updated Aug 29, 2023

Package

python-swiftclient (pip)

Affected versions

>= 1.0, <= 1.9.0

Patched versions

2.0.2

Description

The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
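
As an added example (not part of the advisory or of the python-swiftclient project), the following Python code classifies a version string, or the locally installed distribution, against the ranges stated on this page. The function names, the status labels, and the choice to flag releases between 1.9.0 and 2.0.2 as needing an upgrade (following the description's "before 2.0.2") are assumptions of this example.

```python
import re
from importlib import metadata

# Values copied from this advisory (GHSA-p3xv-97g8-4wmj / CVE-2013-6396).
AFFECTED_MIN = (1, 0, 0)   # Affected versions: >= 1.0
AFFECTED_MAX = (1, 9, 0)   # Affected versions: <= 1.9.0
PATCHED = (2, 0, 2)        # Patched versions: 2.0.2


def parse_release(version):
    """Parse the leading numeric release, padded to three parts: '1.0' -> (1, 0, 0).

    Assumption: any suffix (rc, dev, post, local tag) is returned separately so
    the caller can refuse to treat a suffixed build of the fix as patched.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)$", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    return tuple(parts), m.group(2).strip()


def classify(version):
    """Return one of: 'not-listed', 'affected', 'below-patched', 'patched'."""
    release, suffix = parse_release(version)
    if release < AFFECTED_MIN:
        return "not-listed"          # older than the advisory's stated range
    if release <= AFFECTED_MAX:
        return "affected"            # inside ">= 1.0, <= 1.9.0"
    if release < PATCHED or (release == PATCHED and suffix):
        # Outside the range field but still "before 2.0.2" per the description;
        # a suffixed build of 2.0.2 is conservatively not counted as the fix.
        return "below-patched"
    return "patched"


def installed_status(dist="python-swiftclient"):
    """Classify the locally installed distribution, or None if it is absent."""
    try:
        return classify(metadata.version(dist))
    except metadata.PackageNotFoundError:
        return None


if __name__ == "__main__":
    print("python-swiftclient:", installed_status() or "not installed")
```

Anything reported as `affected` or `below-patched` should be upgraded to the patched version listed above.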

References

Published by the National Vulnerability Database Feb 18, 2014
Published to the GitHub Advisory Database May 17, 2022
Reviewed Aug 29, 2023
Last updated Aug 29, 2023

Severity

Moderate

EPSS score

0.061%
(27th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2013-6396

GHSA ID

GHSA-p3xv-97g8-4wmj

Source code

No known source code