RCE in Openstack Folsom

CVE-2013-2161

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.003 (56.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Folsom
Openstack Grizzly
Openstack Havana
Opensuse — versions 12.3
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

References

DSA-2737 (vendor-advisory, x_refsource_DEBIAN)
openSUSE-SU-2013:1146 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2013:0993 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20130613 [OSSA 2013-016] Unchecked user input in Swift XML responses (CVE-2013-2161) (mailing-list, x_refsource_MLIST)