CVE-2013-2161 - OpenCVE

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openstack	Grizzly Havana Folsom
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:a:openstack:folsom:-:::::::*
	cpe:2.3:a:openstack:grizzly:-:::::::*
	cpe:2.3:a:openstack:havana:-:::::::*
	cpe:2.3:o:opensuse:opensuse:12.3:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html
http://rhn.redhat.com/errata/RHSA-2013-0993.html
http://www.debian.org/security/2012/dsa-2737
http://www.openwall.com/lists/oss-security/2013/06/13/4
https://bugs.launchpad.net/swift/+bug/1183884

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2013-08-20T22:00:00Z

Updated: 2013-08-20T22:00:00Z

Reserved: 2013-02-19T00:00:00Z

Link: CVE-2013-2161

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-08-20T22:55:04.057

Modified: 2018-10-30T16:27:34.373

Link: CVE-2013-2161

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:folsom:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5BA13BC-F088-45AA-AD10-B74F89CE5375", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:grizzly:-:*:*:*:*:*:*:*", "matchCriteriaId": "A83ED744-9E3D-4510-B3E6-6DDE1090F0B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:havana:-:*:*:*:*:*:*:*", "matchCriteriaId": "77522028-683C-4708-AF46-50B49A0A2D15", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*", "matchCriteriaId": "DFBF430B-0832-44B0-AA0E-BA9E467F7668", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n XML en accounts/utils.py en OpenStack Swift Folsom, Grizzly, y Havana, permite a atacantes provocar o suplantar respuestas Swift a trav\u00e9s de un nombre de cuenta."}], "id": "CVE-2013-2161", "lastModified": "2018-10-30T16:27:34.373", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-20T22:55:04.057", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html"}, {"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-0993.html"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2737"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2013/06/13/4"}, {"source": "secalert@redhat.com", "url": "https://bugs.launchpad.net/swift/+bug/1183884"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}