The OpenStack project reports:

Title: XSS in Swift requests through WWW-Authenticate header
Reporter: Globo.com Security Team
Products: Swift
Versions: 1.11.0 to 1.13.1

Description:
Globo.com Security Team reported a vulnerability in Swift's header value escaping. By tricking a Swift user into clicking a malicious URL, a remote attacker may inject data into the Swift response while still appearing to come from the Swift server, potentially leading to other client-side vulnerabilities. All Swift setups are affected.
Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges the Globo.com Security Team as the original reporter.
This issue is public: http://www.openwall.com/lists/oss-security/2014/06/19/10
Created openstack-swift tracking bugs for this issue:
Affects: epel-6 [bug 1113381]
The version of openstack-swift in Fedora should be too old to be affected.
This issue has been addressed in the following products:
OpenStack 5 for RHEL 7: via RHSA-2014:0941 https://rhn.redhat.com/errata/RHSA-2014-0941.html
Issue Description: It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks (and possibly other impacts) if a user were tricked into clicking on a malicious URL.