PT-2013-3571 · Openstack · Openstack Swift

Alex Gaynor

Published

2013-08-20

Updated

2022-05-14

CVE-2013-2161

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenStack Swift versions Folsom through Havana

Description The issue allows attackers to trigger invalid or spoofed responses via an account name, potentially exploiting an XML injection vulnerability in the account/utils.py file.

Recommendations For OpenStack Swift versions Folsom through Havana, update to a version that includes a fix for this issue to prevent XML injection attacks.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2013-2161

DSA-2737-1

GHSA-9XGV-6V35-MMCJ

RHSA-2013:0993

Affected Products

Openstack Swift

PT-2013-3571 · Openstack · Openstack Swift

CVE-2013-2161

Weakness Enumeration

Related Identifiers

Affected Products

References · 15