// For flags

CVE-2012-4406

Openstack-Swift: insecure use of python pickle()

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

OpenStack Object Storage (swift) antes de v1.7.0 utiliza la función loads en el módulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto pickle modificado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-08-21 CVE Reserved
  • 2012-10-17 CVE Published
  • 2024-05-22 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openstack
Search vendor "Openstack"
 Swift
Search vendor "Openstack" for product "Swift"
 < 1.7.0
Search vendor "Openstack" for product "Swift" and version " < 1.7.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 16
Search vendor "Fedoraproject" for product "Fedora" and version "16"
-
Affected
Redhat
Search vendor "Redhat"
 Gluster Storage Management Console
Search vendor "Redhat" for product "Gluster Storage Management Console"
 2.0
Search vendor "Redhat" for product "Gluster Storage Management Console" and version "2.0"
-
Affected
Redhat
Search vendor "Redhat"
 Gluster Storage Server For On-premise
Search vendor "Redhat" for product "Gluster Storage Server For On-premise"
 2.0
Search vendor "Redhat" for product "Gluster Storage Server For On-premise" and version "2.0"
-
Affected
Redhat
Search vendor "Redhat"
 Storage
Search vendor "Redhat" for product "Storage"
 2.0
Search vendor "Redhat" for product "Storage" and version "2.0"
-
Affected
Redhat
Search vendor "Redhat"
 Storage For Public Cloud
Search vendor "Redhat" for product "Storage For Public Cloud"
 2.0
Search vendor "Redhat" for product "Storage For Public Cloud" and version "2.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 5.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected