Description
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101926
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2017/dsa-4044
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/swift/+bug/1655781
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
Scores
CVSS v3
9.8
EPSS
0.0234
EPSS Percentile
85.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (4)
debian/debian_linux
9.0
openstack/swauth
< 1.2.0
openstack/swift
< 2.15.1
pypi/swauth
0 - 1.3.0PyPI
Published
Nov 21, 2017
Tracked Since
Feb 18, 2026