Cross-Site Scripting Vulnerability in OpenStack Swift by OpenStack
CVE-2014-3497

Currently unrated

Key Information:

Vendor: Openstack
Status: Swift
Vendor: CVE Published:; 3 July 2014

Summary

A cross-site scripting vulnerability exists in OpenStack Swift versions 1.11.0 to 1.13.1, allowing remote attackers to inject arbitrary web scripts or HTML into requests via the WWW-Authenticate header. This vulnerability can pose significant risks, potentially enabling attackers to execute JavaScript in the context of the user's session, leading to data theft or unauthorized actions on behalf of the user. It is crucial for administrators using affected versions to apply appropriate security measures and updates to mitigate this risk.

References

http://www.ubuntu.com/usn/USN-2256-1

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/59532

third-party-advisoryx_refsource_SECUNIA

https://review.openstack.org/#/c/101031/

x_refsource_CONFIRM

Timeline

Vulnerability published
Jul 3, 2014
Vulnerability Reserved
May 14, 2014