CVE-2017-16613
- Source
- https://cve.org/CVERecord?id=CVE-2017-16613
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16613.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-16613
- Aliases
- Downstream
- Published
- 2017-11-21T13:29:00.267Z
- Modified
- 2026-02-23T08:05:51.767001Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
- References
-
- http://www.securityfocus.com/bid/101926
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
- https://bugs.launchpad.net/swift/+bug/1655781
- https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
- https://www.debian.org/security/2017/dsa-4044
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
- https://bugs.launchpad.net/swift/+bug/1655781
- https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
- https://www.debian.org/security/2017/dsa-4044
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
- https://bugs.launchpad.net/swift/+bug/1655781
- https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
Affected packages
Git / github.com/gstreamer/gst-plugins-ugly
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gstreamer/gst-plugins-ugly
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.1.1
1.1.2
1.1.3
1.1.4
1.1.90
1.2.0
Other
BEFORE_INDENT
BRANCH-ERROR-ROOT
BRANCH-EVENTS2-ROOT
BRANCH-GSTREAMER-0_8-ROOT
CAPS
CAPS-MERGE-3
CAPS-ROOT
CHANGELOG_START
GIT_CONVERSION
MOVE-TO-FDO
OSLOSUMMIT1-200303051
RELEASE-0_10_0
RELEASE-0_10_1
RELEASE-0_10_10
RELEASE-0_10_11
RELEASE-0_10_2
RELEASE-0_10_3
RELEASE-0_10_4
RELEASE-0_10_5
RELEASE-0_10_6
RELEASE-0_10_7
RELEASE-0_10_8
RELEASE-0_10_9
RELEASE-0_9_1
RELEASE-0_9_3
RELEASE-0_9_4
RELEASE-0_9_5
RELEASE-0_9_6
RELEASE-0_9_7
TYPEFIND-ROOT
start
RELEASE-0.*
RELEASE-0.10.12
RELEASE-0.10.13
RELEASE-0.10.14
RELEASE-0.10.15
RELEASE-0.10.16
RELEASE-0.10.17
RELEASE-0.10.18
RELEASE-0.11.1
RELEASE-0.11.2
RELEASE-0.11.90
RELEASE-0.11.91
RELEASE-0.11.92
RELEASE-0.11.93
RELEASE-0.11.94
RELEASE-0.11.99