Critical severity 9.8 · NVD Advisory · Published Nov 21, 2017 · Updated Jun 17, 2026
CVE-2017-16613
Description
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| swauth (PyPI) | < 1.3.0 | 1.3.0 |
References
- bugs.debian.org/cgi-bin/bugreport.cgi (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- bugs.launchpad.net/swift/+bug/1655781 (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298 (nvd: Issue Tracking, Patch, Third Party Advisory; WEB)
- www.securityfocus.com/bid/101926 (nvd: Third Party Advisory, VDB Entry)
- github.com/advisories/GHSA-qhq8-xwqv-pvv9 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-16613 (ghsa: ADVISORY)
- www.debian.org/security/2017/dsa-4044 (nvd: Issue Tracking, Third Party Advisory; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/swauth/PYSEC-2017-84.yaml (ghsa: WEB)
- web.archive.org/web/20200227140059/http://www.securityfocus.com/bid/101926 (ghsa: WEB)