CVE-2013-6396: Python Swift client is vulnerable to Missing SSL Certificate Check
(updated )
The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
References
- bugs.launchpad.net/python-swiftclient/+bug/1199783
- github.com/advisories/GHSA-p3xv-97g8-4wmj
- github.com/chmouel/python-swiftclient
- github.com/pypa/advisory-database/tree/main/vulns/python-swiftclient/PYSEC-2014-12.yaml
- nvd.nist.gov/vuln/detail/CVE-2013-6396
- review.opendev.org/c/openstack/python-swiftclient/+/69187
Detect and mitigate CVE-2013-6396 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →