Metric | Value |
---|---|
CVSS2 | 4.3 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
AI Score | 5.7 Medium |
Confidence | High |
EPSS | 0.003 Low |
Percentile | 66.4% |

John Dickinson discovered that Swift did not properly quote the
WWW-Authenticate header value. If a user were tricked into navigating to a
malicious Swift URL, an attacker could conduct cross-site scripting
attacks. With cross-site scripting vulnerabilities, if a user were tricked
into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential
data, within the same domain.
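
The quoting problem described above, as an added illustration (not Swift's own code and not part of the advisory): a 401 challenge built with a URL-derived realm interpolated verbatim, beside a form that percent-encodes it, plus a check that the realm parameter is a single RFC 7230 quoted-string. Assumptions: the challenge has the form `Swift realm="..."`, the realm is the account segment of the already-decoded request path, and all function names are hypothetical.

```python
import re
from urllib.parse import quote

# RFC 7230 quoted-string: DQUOTE, then qdtext or backslash-escaped pairs, DQUOTE.
_QUOTED_STRING = re.compile(r'"(?:[\t !#-\[\]-~\x80-\xff]|\\[\t -~\x80-\xff])*"')
# Assumed challenge layout (not taken from the advisory).
_CHALLENGE = re.compile(r'^Swift realm=(.*)$', re.S)

# Constructed sample: a decoded request path whose account segment
# contains a double quote and markup characters.
SAMPLE_PATH = '/v1/AUTH_demo"<b>x'


def realm_from_path(path):
    """Assumed mapping: /<version>/<account>/... -> realm is the account segment."""
    parts = path.split("/")
    if len(parts) >= 3 and parts[1] and parts[2]:
        return parts[2]
    return "unknown"


def challenge_unquoted(path):
    """'Before' form: the path segment is interpolated verbatim."""
    return 'Swift realm="%s"' % realm_from_path(path)


def challenge_quoted(path):
    """Hardened form: percent-encode everything except unreserved characters."""
    return 'Swift realm="%s"' % quote(realm_from_path(path), safe="")


def realm_param_is_wellformed(header_value):
    """True if the realm parameter is exactly one RFC 7230 quoted-string."""
    m = _CHALLENGE.match(header_value)
    return bool(m and _QUOTED_STRING.fullmatch(m.group(1)))


if __name__ == "__main__":
    for build in (challenge_unquoted, challenge_quoted):
        value = build(SAMPLE_PATH)
        print(build.__name__, value, realm_param_is_wellformed(value))
```

The same well-formedness check can be run over captured 401 responses to confirm that the fixed package version is the one serving them.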

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 14.04 | noarch | python-swift | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift-account | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift-container | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift-doc | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift-object | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift-object-expirer | < 1.13.1-0ubuntu1.1 | UNKNOWN |
Ubuntu | 14.04 | noarch | swift-proxy | < 1.13.1-0ubuntu1.1 | UNKNOWN |