7 matches found

EUVD
added 3 days ago, 4 views

EUVD-2026-40360

SeaweedFS before 4.34 contains a path traversal vulnerability in the S3 gateway DeleteMultipleObjectsHandler that allows authenticated S3 principals with write access to a single bucket to delete arbitrary objects in other tenants' buckets by supplying object keys containing ../ sequences in the...

8.1 CVSS | 5.9 AI score | 0.00766 EPSS | Exploits 0 | References 6
NVD
added 2026/06/25 7:16 p.m., 8 views

CVE-2026-54917

SeaweedFS is a distributed storage system for object storage (S3), file systems, and Iceberg tables. Prior to 4.30, the S3 API gateway and the Iceberg REST catalog gateway construct their routers with mux.NewRouter().SkipClean(true). With path cleaning disabled, a .. segment inside the URL survives...

10 CVSS | 0.00345 EPSS | Exploits 1 | References 2
Cvelist
added 2026/01/15 10:35 p.m., 22 views

CVE-2025-68671 lakeFS is Missing Timestamp Validation in S3 Gateway Authentication

lakeFS is an open-source tool that transforms object storage into Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to 1.75.0, an attacker who captures a valid signed request e.g., through network interception, logs...

6.5 CVSS | 0.00239 EPSS | Exploits 1 | References 3
CNNVD
added 2026/01/15 12:0 a.m., 5 views

lakeFS security vulnerability

LakeFS is an open-source tool developed by Treeverse. It allows you to convert your object storage into a repository similar to Git. Versions of LakeFS prior to 1.75.0 contained security vulnerabilities. These vulnerabilities stemmed from the S3 gateway not verifying the timestamps in authenticat...

6.5 CVSS | 5.8 AI score | 0.00239 EPSS | Exploits 1 | References 3
RedHat Linux
added 2024/02/08 4:53 p.m., 9 views

rgw: improperly verified POST keys

A flaw was found in rgw. This flaw allows an unprivileged user to write to any buckets accessible by a given key if a POST's form-data contains a key called 'bucket' with a value matching the bucket's name used to sign the request. This issue results in a user being able to upload to any bucket...

9.8 CVSS | 5.8 AI score | 0.02539 EPSS | Exploits 1 | References 5
SUSE CVE
added 2023/02/15 3:30 a.m., 3 views

SUSE CVE-2022-3854

A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service...

6.5 CVSS | 7.3 AI score | 0.00564 EPSS | Exploits 0 | References 11
RedHat Linux
added 2016/09/29 1:11 p.m., 7 views

ceph: RGW permits bucket listing when authenticated_users=read

A flaw was found in Ceph RGW code which allows an anonymous user to list contents of RGW bucket by bypassing ACL which should only allow authenticated users to list contents of bucket...

7.5 CVSS | 5.8 AI score | 0.01751 EPSS | Exploits 1 | References 4