CyberSec.Space Logo
Back to CVE Browser

CVE-2017-16613

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1860%
EPSS Percentile1.06th
PublishedNov 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

Affected Platforms (CPE)

πŸ“¦
Openstack

Swauth

<= 1.2.0
πŸ“¦
Openstack

Swift

<= 2.15.1
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— http://www.securityfocus.com/bid/101926
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
πŸ”— https://bugs.launchpad.net/swift/+bug/1655781
πŸ”— https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
πŸ”— https://www.debian.org/security/2017/dsa-4044
πŸ”— http://www.securityfocus.com/bid/101926
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
πŸ”— https://bugs.launchpad.net/swift/+bug/1655781

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...