返回 CVE 浏览器

CVE-2017-16613

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1860%

EPSS Percentile1.06th

Published2017年11月21日

Last Modified2026年5月13日

Vulnerability Description

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

Affected Platforms (CPE)

📦

Openstack

Swauth

<= 1.2.0

📦

Openstack

Swift

<= 2.15.1

💻

Debian

Debian Linux

= 9.0

References & Advisories

🔗 http://www.securityfocus.com/bid/101926

🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314

🔗 https://bugs.launchpad.net/swift/+bug/1655781

🔗 https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298

🔗 https://www.debian.org/security/2017/dsa-4044

🔗 http://www.securityfocus.com/bid/101926

🔗 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314

🔗 https://bugs.launchpad.net/swift/+bug/1655781

相关漏洞威胁

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...