Improper Server Hostname Verification in Python Glance Client by OpenStack
CVE-2013-4111

Currently unrated

Key Information:

Vendor: OpenStack
CVE Published: 28 August 2013

Summary

The Python client library for Glance, python-glanceclient, prior to version 0.10.0 contains a flaw in how it validates SSL/TLS certificates: it does not properly verify the server hostname against the Common Name (CN) or subjectAltName fields of the X.509 certificate. A man-in-the-middle attacker can therefore intercept SSL connections by presenting a valid certificate. As a result, attackers can impersonate legitimate servers, leading to potential unauthorized access and data exposure.
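The check described above, as an added example (not python-glanceclient's code or its fix): a hostname matcher over the dictionary shape returned by `ssl.SSLSocket.getpeercert()`, which prefers subjectAltName DNS entries and falls back to CN only when none exist. The hostnames and certificate dictionaries are constructed for illustration.

```python
import ssl

def _name_match(pattern, hostname):
    """Compare one certificate DNS name with the hostname the client dialled."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the whole leftmost label, never for a bare TLD.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert, hostname):
    """True only if the certificate was issued for the requested hostname."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:  # CN is ignored once any DNS subjectAltName is present
        return any(_name_match(s, hostname) for s in sans)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_match(cn, hostname) for cn in cns)

def verified_context():
    """Standard-library client context: chain validation and hostname checking on."""
    return ssl.create_default_context()

# Constructed sample certificates in getpeercert() form.
EXPECTED = {"subject": ((("commonName", "glance.example.org"),),),
            "subjectAltName": (("DNS", "glance.example.org"),)}
# Chain-valid certificate issued for a different name: the case the flaw accepts.
OTHER = {"subject": ((("commonName", "other.example.net"),),),
         "subjectAltName": (("DNS", "other.example.net"),)}
# CN names the target but the SAN does not: must be rejected.
CN_MISMATCH = {"subject": ((("commonName", "glance.example.org"),),),
               "subjectAltName": (("DNS", "other.example.net"),)}
WILDCARD = {"subject": (), "subjectAltName": (("DNS", "*.example.org"),)}

if __name__ == "__main__":
    target = "glance.example.org"
    for label, cert in [("expected", EXPECTED), ("other", OTHER),
                        ("cn-mismatch", CN_MISMATCH), ("wildcard", WILDCARD)]:
        print(label, "accepted" if hostname_matches(cert, target) else "rejected")
    print("check_hostname:", verified_context().check_hostname)
```

A client that validates only the certificate chain would accept all four sample certificates; with the hostname check, `OTHER` and `CN_MISMATCH` are rejected.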
