9 matches found
CVE-2026-58372 SeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body Keys
SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...
CVE-2026-58372
SeaweedFS prior to 4.34 is affected by a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler. Authenticated S3 principals with write access to a single bucket can delete arbitrary objects in other tenants’ buckets by sending object keys containing ../ in the DeleteObjects ...
CVE-2025-66467
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...
EUVD-2025-209743
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...
CVE-2025-66467
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...
CVE-2025-66467
CVE-2025-66467 affects Apache CloudStack in scenarios where MinIO policy cleanup is not performed on bucket deletion. The issue allows previous bucket owners to retain access to buckets they formerly owned: if another user creates a bucket with the same name, those prior owners can gain unauthori...
CVE-2025-66467 Apache CloudStack: MinIO policy remains intact on bucket deletion
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...
PT-2026-38916
Name of the Vulnerable Software and Affected Versions Apache CloudStack versions prior to 4.20.3.0 Apache CloudStack versions prior to 4.22.0.1 Description Missing MinIO policy cleanup during bucket deletion allows users to retain access to buckets they previously owned. If a different user creat...
Apache CloudStack 安全漏洞
Apache CloudStack is an IaaS cloud computing platform developed by the Apache Foundation in the United States. This platform is primarily used for deploying and managing large-scale virtual machine networks. There is a security vulnerability in Apache CloudStack, which stems from the lack of MinI...