Improper Server Hostname Verification in Python Glance Client by OpenStack
CVE-2013-4111

Currently unrated

Key Information:

Vendor: Openstack
Status: Python Glanceclient; Opensuse
Vendor: CVE Published:; 28 August 2013

Summary

The Python client library for Glance, known as python-glanceclient, prior to version 0.10.0, contains a flaw in how it validates SSL/TLS certificates. This vulnerability allows man-in-the-middle attackers to intercept SSL connections by presenting a valid certificate without proper hostname verification against the Common Name (CN) or subjectAltName fields of the X.509 certificate. As a result, attackers can impersonate legitimate servers, leading to potential unauthorized access and data exposure.

References

http://secunia.com/advisories/54525

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/54313

third-party-advisoryx_refsource_SECUNIA

http://www.ubuntu.com/usn/USN-2004-1

vendor-advisoryx_refsource_UBUNTU

Timeline

Vulnerability published
Aug 28, 2013
Vulnerability Reserved
Jun 12, 2013