OSSA-2013-018: Missing SSL certificate check in Python glance client

Date: July 30, 2013
CVE: CVE-2013-4111

Affects

  • Python-glanceclient: All versions

Description

Thomas Leaman from HP reported that the Python Glance client was failing to properly check certificates during the establishment of HTTPS connections. A remote attacker with access to network segments between client and server could potentially set up a man-in-the-middle attack and access the contents of the Glance client request (or response).
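For clients being reviewed for the same class of flaw, the added example below (not python-glanceclient code) audits a TLS client configuration for the two checks that together make up certificate verification: chain validation and hostname matching. It assumes Python's standard `ssl` module; the function names and finding labels are hypothetical.

```python
import ssl

def audit_context(ctx):
    """Return findings for an ssl.SSLContext used for outbound HTTPS."""
    findings = []
    # Without CERT_REQUIRED the peer certificate is never validated
    # against a trusted CA, so any certificate is accepted.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    # Without hostname checking, any certificate issued by a trusted CA
    # for any name is accepted, which still permits interception.
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings

def no_verification():
    """Weak: both checks disabled."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only():
    """Weak: chain is validated, but the server name is never compared."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED
    return ctx

def strict():
    """Corrected: CERT_REQUIRED plus hostname checking."""
    return ssl.create_default_context()

if __name__ == "__main__":
    for build in (no_verification, chain_only, strict):
        print(build.__name__, audit_context(build()) or "ok")
```

The `chain_only` case is the one most easily missed in review: the handshake fails for self-signed certificates, so the client appears to verify, yet the server's identity is not bound to the name the client asked for.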

Patches

Credits

  • Thomas Leaman from HP (CVE-2013-4111)

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.