CVE-2017-16613

CVE Database · CVE-2017-16613

CVE-2017-16613

· N/AModified

CVSS v3.1

N/A

EPSS

8.35%

Published

Nov 21, 2017

Modified

May 12, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.

Weaknesses (CWE)

CWE-287

Affected Products (3)

openstack · swauthvulnerable

openstack · swiftvulnerable

debian · debian_linuxvulnerable

References (10)

http://www.securityfocus.com/bid/101926

Third Party AdvisoryVDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314

Issue TrackingPatchThird Party Advisory

https://bugs.launchpad.net/swift/+bug/1655781

Issue TrackingPatchThird Party Advisory

https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298

Issue TrackingPatchThird Party Advisory

https://www.debian.org/security/2017/dsa-4044

KEV Catalog EPSS Scores Vendors All CVEs