Lucene search
K

9 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1CVSS0.00766EPSS
Exploits0References6
CVE
CVE
added 5 days ago10 views

CVE-2026-58372

SeaweedFS prior to 4.34 is affected by a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler. Authenticated S3 principals with write access to a single bucket can delete arbitrary objects in other tenants’ buckets by sending object keys containing ../ in the DeleteObjects ...

8.1CVSS5.9AI score0.00766EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2025-66467

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8.1CVSS5.4AI score0.00373EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2025-209743

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8CVSS5.8AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 1:16 p.m.15 views

CVE-2025-66467

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8.1CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 12:16 p.m.23 views

CVE-2025-66467

CVE-2025-66467 affects Apache CloudStack in scenarios where MinIO policy cleanup is not performed on bucket deletion. The issue allows previous bucket owners to retain access to buckets they formerly owned: if another user creates a bucket with the same name, those prior owners can gain unauthori...

8.1CVSS5.8AI score0.00373EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/08 12:16 p.m.8 views

CVE-2025-66467 Apache CloudStack: MinIO policy remains intact on bucket deletion

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8CVSS5.8AI score0.00373EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-38916

Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description Missing MinIO policy cleanup during bucket deletion allows users to retain access to buckets they previously owned. If a different user creat...

8.1CVSS5.8AI score0.00373EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.9 views

Apache CloudStack 安全漏洞

Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. There is a security vulnerability in Apache CloudStack, which stems from the lack of MinI...

8.1CVSS5.8AI score0.00373EPSS
Exploits0References1
Rows per page
Query Builder