Missing SSL cert check in Swift python client (CVE-2013-6396)
Bug #1199783 reported by
Thierry Carrez
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Security Advisory |
Fix Released
|
Medium
|
Jeremy Stanley | ||
python-swiftclient |
Fix Released
|
High
|
Thomas Leaman |
Bug Description
Thomas Leaman (HP) reported in public bug 1192229 that the Swift python client does not perform any kind of SSL certificate validation, which makes it vulnerable to MiM attacks.
This bug was filed to track this specific issue.
CVE References
Changed in ossa: | |
status: | New → Incomplete |
Changed in python-swiftclient: | |
assignee: | nobody → Thomas Leaman (thomas-leaman) |
Changed in python-swiftclient: | |
importance: | Undecided → High |
Changed in python-swiftclient: | |
status: | New → In Progress |
summary: |
- Missing SSL cert check in Swift python client + Missing SSL cert check in Swift python client (CVE-2013-6396) |
Changed in ossa: | |
status: | In Progress → Fix Released |
Changed in python-swiftclient: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
Thomas, any progress on a patch ?