Auth bypass in Openstack Swauth
CVE-2017-16613
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authenticat…
Vulnerability class: Broken Authentication
EPSS: 0.023 (85.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Openstack Swauth
- Openstack Swift
- Debian Debian_linux — versions 9.0
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- cve@mitre.org (vendor-advisory, Third Party Advisory, Issue Tracking, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)
Frequently asked questions
- What is CVE-2017-16613?
- CVE-2017-16613 is a critical-severity vulnerability in Openstack Swauth, classified under Improper Authentication. CVSS score: 9.8/10. Published 2017-11-21.
- How severe is CVE-2017-16613?
- Critical severity. CVSS v3 base score is 9.8 out of 10.