Improper Server Hostname Verification in Python Glance Client by OpenStack
CVE-2013-4111
Currently unrated
Summary
The Python client library for Glance (python-glanceclient) before version 0.10.0 contains a flaw in how it validates SSL/TLS certificates: it does not properly verify the server hostname against the Common Name (CN) or subjectAltName fields of the X.509 certificate. A man-in-the-middle attacker can therefore intercept SSL connections by presenting a valid certificate and impersonate a legitimate server, which can lead to unauthorized access and data exposure.
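The missing check, shown as an added example (not python-glanceclient code): a simplified hostname match against the subjectAltName and CN fields of a certificate that has already passed chain validation. The function names and sample certificates are constructed for illustration, the certificate dict follows the shape returned by Python's ssl.SSLSocket.getpeercert(), and IP-address names are not handled.

```python
# Added example: simplified server hostname check (hypothetical helper names).

def _name_matches(pattern, hostname):
    """Compare one certificate DNS name with the requested hostname.
    A wildcard is accepted only as the entire left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard covers exactly one label and needs two fixed labels after it.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def cert_matches_hostname(cert, hostname):
    """cert: dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # When dNSName entries are present, the CN is not consulted.
        return any(_name_matches(n, hostname) for n in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _name_matches(value, hostname):
                return True
    return False


def accept_connection(cert, hostname, verify_hostname=True):
    """Chain validation is assumed to have succeeded before this call.
    verify_hostname=False models a client that skips the hostname check."""
    return cert_matches_hostname(cert, hostname) if verify_hostname else True


# Constructed sample certificates, both assumed to chain to a trusted CA.
CERT_FOR_GLANCE = {
    "subject": ((("commonName", "glance.example.test"),),),
    "subjectAltName": (("DNS", "glance.example.test"),
                       ("DNS", "*.images.example.test")),
}
CERT_FOR_OTHER_HOST = {
    "subject": ((("commonName", "other.example.test"),),),
}

if __name__ == "__main__":
    for cert in (CERT_FOR_GLANCE, CERT_FOR_OTHER_HOST):
        print(accept_connection(cert, "glance.example.test"),
              accept_connection(cert, "glance.example.test", verify_hostname=False))
```

In current Python, ssl.create_default_context() enables this check in the TLS layer (check_hostname is True and verify_mode is CERT_REQUIRED), so client code should rely on that rather than a hand-written matcher.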
References
Timeline
Vulnerability published
Vulnerability Reserved