Python Swift client is vulnerable to Missing SSL Certificate Check
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Aug 29, 2023
Description
Published by the National Vulnerability Database
Feb 18, 2014
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 29, 2023
Last updated
Aug 29, 2023
The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References