Sebastien Meriot discovered that the S3 API of Swift, a distributed
virtual object store, was susceptible to information disclosure
(CVE-2022-47950). The XML parser used by the S3 compatibility layer
resolved entities declared in client-supplied XML (an XML External
Entity, or XXE, flaw), so an authenticated user could send a crafted
request body that coerces the S3 API into returning arbitrary file
contents from the host server, giving unauthorized read access to
potentially sensitive data. Both s3api deployments (Rocky or later)
and swift3 deployments (Queens and earlier, no longer actively
developed) are affected; only deployments with S3 compatibility
enabled are exposed.
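The bug class behind this advisory, as an added illustration written for this page (not code from Swift or from the Debian package): Python's standard-library SAX parser is run twice over the same client-supplied document. With `resolve_external_entities=True` the parser behaves like the vulnerable configuration, fetching the local file named by a DOCTYPE the client controls and splicing its contents into what the application reads as an object key, which an API would then echo back in its response. With `False` (the stdlib default since Python 3.7.1) the entity is dropped and the key comes back empty. The request shape resembles an S3 multi-object delete body, but the element handling, the file path and the "secret" contents are constructed for the example. For lxml-based parsers the equivalent hardening is `lxml.etree.XMLParser(resolve_entities=False)`; the `has_dtd` pre-check is an extra guard for APIs that never legitimately receive a DTD.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


def write_secret_file(content=b"HYPOTHETICAL_SECRET=not-a-real-credential\n"):
    """Constructed for this example: a file on the 'host' that an XXE
    payload tries to read (stands in for config files, tokens, /etc)."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-", suffix=".txt")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


def xxe_payload(path):
    """Classic XXE document: an external general entity backed by a local
    file URI, referenced where the API expects an ordinary object key."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE Delete [<!ENTITY xxe SYSTEM "file://{}">]>\n'
        '<Delete><Object><Key>&xxe;</Key></Object></Delete>\n'
    ).format(path)


class KeyCollector(ContentHandler):
    """Records the text of every <Key> element, the way a multi-object
    delete handler would collect the object names to act on and report."""

    def __init__(self):
        super().__init__()
        self.keys = []
        self._buf = None

    def startElement(self, name, attrs):
        if name == "Key":
            self._buf = []

    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)

    def endElement(self, name):
        if name == "Key":
            self.keys.append("".join(self._buf))
            self._buf = None


def parse_keys(xml_text, resolve_external_entities):
    """True = vulnerable parser setting (external entities are fetched and
    expanded); False = hardened setting (references are left unresolved)."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = KeyCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return handler.keys


def has_dtd(xml_text):
    """Reject-before-parse check: an S3-style request body never needs a
    DOCTYPE, so its presence is reason enough to refuse the request."""
    return "<!DOCTYPE" in xml_text


def demo():
    path = write_secret_file()
    try:
        payload = xxe_payload(path)
        return {
            "leaked": parse_keys(payload, resolve_external_entities=True),
            "safe": parse_keys(payload, resolve_external_entities=False),
            "dtd_present": has_dtd(payload),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the secret file's contents arriving as the "key" under the vulnerable setting and an empty key under the hardened one; the fix for this class of bug is therefore a parser configuration change, not input filtering on key names, and `has_dtd` only adds a cheap second line of defence.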
For Debian 10 buster, this problem has been fixed in version
2.19.1-1+deb10u1. (The corresponding fix for Debian 11 bullseye is
version 2.26.0-10+deb11u1, released as DSA-5327-1.)
We recommend that you upgrade your swift packages.
For the detailed security status of swift please refer to
its security tracker page at:
<https://security-tracker.debian.org/tracker/swift>
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>
{"id": "OSV:DLA-3281-1", "vendorId": null, "type": "osv", "bulletinFamily": "software", "title": "swift - security update", "description": "\nSebastien Meriot discovered that the S3 API of Swift, a distributed\nvirtual object store, was susceptible to information disclosure.\n\n\nFor Debian 10 buster, this problem has been fixed in version\n2.19.1-1+deb10u1.\n\n\nWe recommend that you upgrade your swift packages.\n\n\nFor the detailed security status of swift please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/swift>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "published": "2023-01-25T00:00:00", "modified": "2023-01-25T03:18:46", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://osv.dev/vulnerability/DLA-3281-1", "reporter": "Google", "references": ["https://www.debian.org/lts/security/2023/dla-3281"], "cvelist": ["CVE-2022-47950"], "immutableFields": [], "lastseen": "2023-01-25T03:18:48", "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2022-47950"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-47950"]}, {"type": "osv", "idList": ["OSV:DSA-5327-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-47950"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-47950"]}, {"type": "veracode", "idList": ["VERACODE:38913"]}]}, "score": {"value": 0.9, "vector": "NONE"}, "affected_software": {"major_version": [{"name": "swift", "version": 2}]}, "vulnersScore": 0.9}, "_state": {"dependencies": 1674616740, "score": 1674616851, "affected_software_major_version": 1674618116}, "_internal": {"score_hash": "235887e793eb5d94ec0880ef27be86af"}, "affectedSoftware": [{"version": "2.19.1-1", "operator": "eq", "name": "swift"}]}
{"osv": [{"lastseen": "2023-01-25T19:07:51", "description": "\nSebastien Meriot discovered that the S3 API of Swift, a distributed\nvirtual object store, was susceptible to information disclosure.\n\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.26.0-10+deb11u1.\n\n\nWe recommend that you upgrade your swift packages.\n\n\nFor the detailed security status of swift please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/swift](https://security-tracker.debian.org/tracker/swift)\n\n\n", "cvss3": {}, "published": "2023-01-24T00:00:00", "type": "osv", "title": "swift - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-25T19:07:49", "id": "OSV:DSA-5327-1", "href": "https://osv.dev/vulnerability/DSA-5327-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-01-26T02:07:19", "description": "An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. 
This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-18T17:15:00", "type": "debiancve", "title": "CVE-2022-47950", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-18T17:15:00", "id": "DEBIANCVE:CVE-2022-47950", "href": "https://security-tracker.debian.org/tracker/CVE-2022-47950", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2023-01-26T02:13:07", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5327-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJanuary 24, 2023 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : swift\nCVE ID : CVE-2022-47950\nDebian Bug : 1029200\n\nSebastien Meriot discovered that the S3 API of Swift, a distributed\nvirtual object store, was susceptible to information disclosure.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 2.26.0-10+deb11u1.\n\nWe recommend that you upgrade your swift packages.\n\nFor the detailed security status of swift please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/swift\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: 
debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-24T20:03:46", "type": "debian", "title": "[SECURITY] [DSA 5327-1] swift security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-24T20:03:46", "id": "DEBIAN:DSA-5327-1:45B58", "href": "https://lists.debian.org/debian-security-announce/2023/msg00016.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T02:18:33", "description": "- -----------------------------------------------------------------------\nDebian LTS Advisory DLA-3281-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Utkarsh Gupta\nJanuary 25, 2023 https://wiki.debian.org/LTS\n- -----------------------------------------------------------------------\n\nPackage : swift\nVersion : 2.19.1-1+deb10u1\nCVE ID : CVE-2022-47950\nDebian Bug : 1029200\n\nSebastien Meriot discovered that the S3 API of Swift, a distributed\nvirtual object store, was susceptible to information disclosure.\n\nFor Debian 10 buster, this problem has been fixed in version\n2.19.1-1+deb10u1.\n\nWe recommend that you upgrade your swift packages.\n\nFor the detailed security status of swift please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/swift\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-25T02:18:17", "type": "debian", "title": "[SECURITY] [DLA 3281-1] swift security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-25T02:18:17", "id": "DEBIAN:DLA-3281-1:EB1A2", "href": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-01-26T02:10:10", "description": "A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api deployments (Rocky or later) and swift3 deployments (Queens and earlier, no longer actively developed). 
Only deployments with S3 compatibility enabled are affected.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-17T16:35:01", "type": "redhatcve", "title": "CVE-2022-47950", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-17T16:35:01", "id": "RH:CVE-2022-47950", "href": "https://access.redhat.com/security/cve/cve-2022-47950", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-01-26T13:08:36", "description": "An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before\n2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user\nmay coerce the S3 API into returning arbitrary file contents from the host\nserver, resulting in unauthorized read access to potentially sensitive\ndata. 
This impacts both s3api deployments (Rocky or later), and swift3\ndeployments (Queens and earlier, no longer actively developed).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-18T00:00:00", "type": "ubuntucve", "title": "CVE-2022-47950", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-18T00:00:00", "id": "UB:CVE-2022-47950", "href": "https://ubuntu.com/security/CVE-2022-47950", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-01-27T18:33:44", "description": "swift is vulnerable to XML External Entity (XXE) attacks. The vulnerability allows a remote authenticated attacker to access potentially sensitive data in S3 buckets by persuading the `S3 API` into returning arbitrary file contents from the host server.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-19T01:09:15", "type": "veracode", "title": "XML External Entity (XXE)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-26T23:38:18", "id": "VERACODE:38913", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-38913/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": 
[{"lastseen": "2023-01-28T00:38:11", "description": "The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3281 advisory.\n\n - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). (CVE-2022-47950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-25T00:00:00", "type": "nessus", "title": "Debian DLA-3281-1 : swift - LTS security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:python-swift:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-account:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-container:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-drive-audit:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-object:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-object-expirer:*:*:*:*:*:*:*", 
"p-cpe:2.3:a:debian:debian_linux:swift-proxy:*:*:*:*:*:*:*"], "id": "DEBIAN_DLA-3281.NASL", "href": "https://www.tenable.com/plugins/nessus/170609", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3281. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170609);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\"CVE-2022-47950\");\n\n script_name(english:\"Debian DLA-3281-1 : swift - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3281\nadvisory.\n\n - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying\n crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from\n the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both\n s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively\n developed). 
(CVE-2022-47950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/swift\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2023/dla-3281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-47950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/swift\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the swift packages.\n\nFor Debian 10 buster, this problem has been fixed in version 2.19.1-1+deb10u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-47950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-swift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:swift-account\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-drive-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-object\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-object-expirer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! 
preg(pattern:\"^(10)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'python-swift', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-account', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-container', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-doc', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-drive-audit', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-object', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-object-expirer', 'reference': '2.19.1-1+deb10u1'},\n {'release': '10.0', 'prefix': 'swift-proxy', 'reference': '2.19.1-1+deb10u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-swift / swift / swift-account / swift-container / swift-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-01-28T00:37:39", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5327 advisory.\n\n - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). (CVE-2022-47950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-26T00:00:00", "type": "nessus", "title": "Debian DSA-5327-1 : swift - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-26T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-account:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-container:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-drive-audit:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-object:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-object-expirer:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:swift-proxy:*:*:*:*:*:*:*", 
"p-cpe:2.3:a:debian:debian_linux:python3-swift:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5327.NASL", "href": "https://www.tenable.com/plugins/nessus/170656", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5327. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(170656);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/26\");\n\n script_cve_id(\"CVE-2022-47950\");\n\n script_name(english:\"Debian DSA-5327-1 : swift - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5327\nadvisory.\n\n - An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying\n crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from\n the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both\n s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively\n developed). 
(CVE-2022-47950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029200\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/swift\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2023/dsa-5327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-47950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/swift\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the swift packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 2.26.0-10+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-47950\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-swift\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-account\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-drive-audit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-object\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-object-expirer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:swift-proxy\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar debian_release = get_kb_item('Host/Debian/release');\nif ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');\ndebian_release = chomp(debian_release);\nif (! 
preg(pattern:\"^(11)\\.[0-9]+\", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'python3-swift', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-account', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-container', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-doc', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-drive-audit', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-object', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-object-expirer', 'reference': '2.26.0-10+deb11u1'},\n {'release': '11.0', 'prefix': 'swift-proxy', 'reference': '2.26.0-10+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var _release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (_release && prefix && reference) {\n if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-swift / swift / swift-account / swift-container / swift-doc / etc');\n}\n", "cvss": {"score": 0.0, "vector": 
"NONE"}}], "cve": [{"lastseen": "2023-01-30T17:26:50", "description": "An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-01-18T17:15:00", "type": "cve", "title": "CVE-2022-47950", "cwe": ["CWE-552"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2022-47950"], "modified": "2023-01-30T15:09:00", "cpe": ["cpe:/o:debian:debian_linux:10.0", "cpe:/a:openstack:swift:2.30.0"], "id": "CVE-2022-47950", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47950", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:openstack:swift:2.30.0:*:*:*:*:*:*:*"]}]}