CVE 2013-2255
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
Related bugs and status
CVE-2013-2255 (Candidate) is related to these bugs:
Bug #1188189: Some server-side 'SSL' communication fails to check certificates (use of HTTPSConnection)
Bug #1436082: VMWare and HTTP stores do not verify HTTPS Connections as they use httplib.HTTPSConnection
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1436082 | VMWare and HTTP stores do not verify HTTPS Connections as they use httplib.HTTPSConnection | glance_store | High | Fix Released | ||
| 1436082 | VMWare and HTTP stores do not verify HTTPS Connections as they use httplib.HTTPSConnection | OpenStack Security Notes | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
