Vulnerability Name:

CVE-2017-16613 (CCN-135255)

Assigned:2017-11-21
Published:2017-11-21
Updated:2017-12-12
Summary:An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request.
Note: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-287
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2017-16613

Source: BID
Type: Third Party Advisory, VDB Entry
101926

Source: CCN
Type: BID-101926
OpenStack Swauth CVE-2017-16613 Authentication Bypass Vulnerability

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314

Source: CCN
Type: Launchpad Bug #1655781
Swift object/proxy server writing Auth Token to log file (swauth)

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://bugs.launchpad.net/swift/+bug/1655781

Source: XF
Type: UNKNOWN
openstack-swauth-cve201716613-sec-bypass(135255)

Source: CCN
Type: Swauth GIT Repository
Hash token before storing it in Swift

Source: CONFIRM
Type: Issue Tracking, Patch, Third Party Advisory
https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298

Source: DEBIAN
Type: Issue Tracking, Third Party Advisory
DSA-4044

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2017-16613

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openstack:swauth:*:*:*:*:*:*:*:* (Version <= 1.2.0)
  • OR cpe:/a:openstack:swift:*:*:*:*:*:*:*:* (Version <= 2.15.1)

    • Configuration 2:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openstack:swauth:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openstack:swift:2.15.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.xenial:def:2017166130000000
    V
    		CVE-2017-16613 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-11-21
    oval:com.ubuntu.artful:def:201716613000
    V
    		CVE-2017-16613 on Ubuntu 17.10 (artful) - medium.
    2017-11-21
    oval:com.ubuntu.xenial:def:201716613000
    V
    		CVE-2017-16613 on Ubuntu 16.04 LTS (xenial) - medium.
    2017-11-21
    oval:com.ubuntu.disco:def:2017166130000000
    V
    		CVE-2017-16613 on Ubuntu 19.04 (disco) - medium.
    2017-11-21
    oval:com.ubuntu.bionic:def:201716613000
    V
    		CVE-2017-16613 on Ubuntu 18.04 LTS (bionic) - medium.
    2017-11-21
    oval:com.ubuntu.cosmic:def:2017166130000000
    V
    		CVE-2017-16613 on Ubuntu 18.10 (cosmic) - medium.
    2017-11-21
    oval:com.ubuntu.cosmic:def:201716613000
    V
    		CVE-2017-16613 on Ubuntu 18.10 (cosmic) - medium.
    2017-11-21
    oval:com.ubuntu.bionic:def:2017166130000000
    V
    		CVE-2017-16613 on Ubuntu 18.04 LTS (bionic) - medium.
    2017-11-21
    oval:com.ubuntu.trusty:def:201716613000
    V
    		CVE-2017-16613 on Ubuntu 14.04 LTS (trusty) - medium.
    2017-11-21
    BACK
    openstack swauth *
    openstack swift *
    debian debian linux 9.0
    openstack swauth 1.2.0
    openstack swift 2.15.1