CVE-2010-4340: Apache Libcloud does not verify SSL certificates for HTTPS connections
libcloud before 0.4.0 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. This is due to an upstream issue with Python’s SSL module rather than directly with libcloud.
References
- bugs.python.org/issue1589
- github.com/advisories/GHSA-w3j6-8j34-q43x
- github.com/apache/libcloud
- github.com/apache/libcloud/commit/87ee61e6ba03a43dcefea2ce180988bec066b6fd
- github.com/pypa/advisory-database/tree/main/vulns/apache-libcloud/PYSEC-2011-24.yaml
- issues.apache.org/jira/browse/LIBCLOUD-55
- nvd.nist.gov/vuln/detail/CVE-2010-4340
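The gap this advisory describes can be checked for in client code with Python's current standard-library `ssl` module. The following is an added example, not libcloud's code or its fix, and all function names in it are hypothetical. It builds an unverified context, a chain-only context and a fully verified one, then audits each.

```python
import ssl


def unverified_context():
    """Client context with the weakness the advisory describes:
    neither the certificate chain nor the hostname is checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def chain_only_context():
    """Validates the chain but not the hostname, so any certificate a
    trusted CA issued for some other name is still accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def verified_context(cafile=None):
    """Hardened form: the default context requires a valid chain and a
    hostname match. cafile optionally pins a specific CA bundle."""
    return ssl.create_default_context(cafile=cafile)


def audit_context(ctx):
    """Return a list of findings that leave a TLS client open to MITM."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not validated")
    if not ctx.check_hostname:
        findings.append("hostname is not matched against the certificate")
    return findings


if __name__ == "__main__":
    for build in (unverified_context, chain_only_context, verified_context):
        problems = audit_context(build())
        print(f"{build.__name__}: {problems or 'ok'}")
```
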