CVE-2013-2161

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

Published Bysecalert@redhat.com

Published DateAug 20, 2013, 22:55

Affected Versions(1)

swift(PyPI)

Introduced0

Fixed1.9.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
swift(PyPI)	0	1.9.0	N/A

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html
http://rhn.redhat.com/errata/RHSA-2013-0993.html
http://www.debian.org/security/2012/dsa-2737
http://www.openwall.com/lists/oss-security/2013/06/13/4
https://bugs.launchpad.net/swift/+bug/1183884

Weakness Type (CWE):CWE-94

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL