OSSA-2013-018: Missing SSL certificate check in Python glance client

OSSA-2013-018: Missing SSL certificate check in Python glance client¶

Date:: July 30, 2013
CVE:: CVE-2013-4111

Affects¶

Python-glanceclient: All versions

Description¶

Thomas Leaman from HP reported that the Python Glance client was failing to properly check certificates during the establishment of HTTPS connections. A remote attacker with access over segments of the network between client and server could potentially set up a man-in the-middle attack and access the contents of the Glance client request (or response).

Patches¶

https://review.openstack.org/#/c/33464 (Python-glanceclient)

Credits¶

Thomas Leaman from HP (CVE-2013-4111)

References¶

https://launchpad.net/bugs/1192229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4111

this page last updated: 2024-03-18 15:52:07

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.