XML Injection Vulnerability in OpenStack Swift by OpenStack
CVE-2013-2161

Currently unrated

Key Information:

Vendor: Openstack
Status: Havana; Opensuse; Grizzly; Folsom
Vendor: CVE Published:; 20 August 2013

Summary

An XML injection vulnerability exists in the account/utils.py file within OpenStack Swift, affecting the Folsom, Grizzly, and Havana releases. This flaw allows remote attackers to exploit unchecked user input, which can lead to invalid or spoofed responses from the Swift service by manipulating the account name. Attackers can leverage this vulnerability to disrupt service integrity and manipulate XML data handling.

References

http://www.debian.org/security/2012/dsa-2737

vendor-advisoryx_refsource_DEBIAN

http://lists.opensuse.org/opensuse-updates/2013-07/msg000...

vendor-advisoryx_refsource_SUSE

https://bugs.launchpad.net/swift/+bug/1183884

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 20, 2013
Vulnerability Reserved
Feb 19, 2013