
CVE-2013-2161: OpenStack Swift Unchecked user input in XML responses

CVSS Score: N/A

Basic Information

EPSS Score: 0.55299%
Published: 5/14/2022
Updated: 5/14/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: -

Package Name   Ecosystem   Vulnerable Versions   First Patched Version
swift          pip         < 1.9.0               1.9.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the unescaped insertion of the 'account' variable into an XML response in swift/account/server.py. The GitHub patch explicitly adds saxutils.escape(account) to mitigate this, confirming the lack of input sanitization in the original code. The CWE-94 classification and commit message directly align with this code change, indicating high confidence in this function's role in the vulnerability.
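To make the defect concrete, the following is an added illustration (not Swift's code and not from the Miggo analysis) of a simplified account listing built the pre-patch way, with caller-controlled strings pasted into the markup, beside the escaped form using saxutils.escape as the fix does. It assumes a reduced response shape (an account element with a name attribute and container children); because the account name lands inside a double-quoted attribute, the escaped form also maps the quote character, which plain saxutils.escape leaves alone.

```python
"""Swift-style account listing XML: unescaped (defect) vs escaped (fix).

Assumption: the real listing carries more fields; only the shape matters.
"""
from xml.sax import saxutils
import xml.etree.ElementTree as ET

# saxutils.escape() handles &, < and >; a value placed inside a
# double-quoted attribute additionally needs the quote mapped.
ATTR_ENTITIES = {'"': "&quot;"}


def account_listing_xml(account, containers, escaped=True):
    """Build the listing. escaped=False reproduces the unsanitized defect."""
    if escaped:
        account = saxutils.escape(account, ATTR_ENTITIES)
        containers = [saxutils.escape(c) for c in containers]
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<account name="%s">' % account]
    for name in containers:
        out.append('<container><name>%s</name></container>' % name)
    out.append('</account>')
    return '\n'.join(out)


def parse_listing(xml_text):
    """Return (account name, [container names]) as a client would see them.

    Raises ET.ParseError when the document is not well-formed.
    """
    root = ET.fromstring(xml_text)
    return root.get('name'), [c.findtext('name')
                              for c in root.findall('container')]


def is_well_formed(xml_text):
    """True if the response parses; a malformed listing is an invalid response."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


# Constructed sample inputs: a container name carrying markup (a spoofed
# extra container appears) and an account name carrying a quote (the
# attribute is closed early, so the response becomes malformed).
INJECTED_CONTAINER = 'photos</name></container><container><name>evil'
QUOTED_ACCOUNT = 'AUTH_test"'

if __name__ == '__main__':
    for flag in (False, True):
        doc = account_listing_xml('AUTH_test', [INJECTED_CONTAINER], escaped=flag)
        print('escaped=%s ->' % flag, parse_listing(doc))
```

With escaped=False the client sees two containers where one was listed; with escaped=True the container name round-trips unchanged and the quoted account name stays a single, well-formed attribute.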


WAF Protection Rules

WAF Rule

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.
