Vulnerability Details : CVE-2017-16613
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
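The mechanism behind this entry is that the token itself was used as the name of the object holding the token record, so every validation GET put the raw token into the proxy's request path, which the access log then recorded; anyone with log access could reuse it in an X-Auth-Token header. The referenced fix ("Hash token before storing it in Swift") keys the record by a salted hash instead, so the log only ever sees a value that does not authenticate by itself. The following is an added illustration written for this page, not Swauth's or Swift's own code: the object store, proxy log, `TOKEN_SALT`, and all function names are constructed stand-ins, and the hashed key derivation (HMAC-SHA256 over the token) is a generic choice, not the project's exact algorithm.

```python
import hashlib
import hmac
import secrets


# Constructed salt for the hashed-token key derivation. In a real deployment this
# is a per-deployment secret loaded from configuration, never a literal in source.
TOKEN_SALT = b"example-salt-not-real"


class ProxyLog:
    """Minimal stand-in for a proxy access log: records one line per request."""

    def __init__(self):
        self.lines = []

    def access(self, method, path):
        self.lines.append(f"{method} {path}")


class TokenStore:
    """Toy object store keyed by object name (stands in for the .auth account)."""

    def __init__(self, log):
        self.objects = {}
        self.log = log

    def put(self, name, value):
        # The object name becomes part of the request URI, which is what gets logged.
        self.log.access("PUT", f"/v1/AUTH_.auth/.token/{name}")
        self.objects[name] = value

    def get(self, name):
        self.log.access("GET", f"/v1/AUTH_.auth/.token/{name}")
        return self.objects.get(name)


def issue_token():
    """Fresh bearer token; the prefix mirrors the AUTH_tk style, the rest is random."""
    return "AUTH_tk" + secrets.token_hex(16)


def plaintext_key(token):
    """Vulnerable key derivation: the raw token is the object name."""
    return token


def hashed_key(token):
    """Hardened key derivation: only a salted hash of the token names the object."""
    return hmac.new(TOKEN_SALT, token.encode(), hashlib.sha256).hexdigest()


def store_token(store, token, account, key_fn):
    store.put(key_fn(token), {"account": account})


def validate(store, headers, key_fn):
    """Resolve the account for an X-Auth-Token header, or None if it is unknown."""
    token = headers.get("X-Auth-Token")
    if not token:
        return None
    record = store.get(key_fn(token))
    return record["account"] if record else None


def token_in_log(log, token):
    return any(token in line for line in log.lines)


def demo(key_fn):
    """Returns (validated account, token visible in log?, account reachable from log value)."""
    log = ProxyLog()
    store = TokenStore(log)
    token = issue_token()
    store_token(store, token, "AUTH_alice", key_fn)
    account = validate(store, {"X-Auth-Token": token}, key_fn)
    leaked = token_in_log(log, token)
    # Check whether the value that landed in the log is itself a usable credential.
    logged_name = log.lines[-1].rsplit("/", 1)[1]
    from_log = validate(store, {"X-Auth-Token": logged_name}, key_fn)
    return account, leaked, from_log


if __name__ == "__main__":
    print("plaintext key:", demo(plaintext_key))
    print("hashed key:   ", demo(hashed_key))
```

With `plaintext_key` the legitimate request validates, the token appears verbatim in the log, and the logged value validates again; with `hashed_key` the legitimate request still validates, the token never reaches the log, and the logged hash is rejected because validation re-hashes whatever arrives in the header. Hashing the stored name does not remove the need to keep access logs protected, but it turns a logged value from a credential into a mere identifier.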
Vulnerability category: Bypass; Gain privilege
Products affected by CVE-2017-16613
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*
- cpe:2.3:a:openstack:swauth:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16613
- EPSS score: 0.57% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~78% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2017-16613
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2017-16613
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2017-16613
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314 — #882314 - swauth: Swift object/proxy server writing swauth Auth Token to log file (CVE-2017-16613) - Debian Bug report logs (Issue Tracking; Patch; Third Party Advisory)
- http://www.securityfocus.com/bid/101926 — OpenStack Swauth CVE-2017-16613 Authentication Bypass Vulnerability (Third Party Advisory; VDB Entry)
- https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298 — Hash token before storing it in Swift · openstack/swauth@70af798 · GitHub (Issue Tracking; Patch; Third Party Advisory)
- https://bugs.launchpad.net/swift/+bug/1655781 — Bug #1655781 "Swift object/proxy server writing Auth Token to lo..." : Bugs : OpenStack Object Storage (swift) (Issue Tracking; Patch; Third Party Advisory)
- https://www.debian.org/security/2017/dsa-4044 — Debian -- Security Information -- DSA-4044-1 swauth (Issue Tracking; Third Party Advisory)