204 matches found
UBUNTU-CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-47950
OpenStack Swift contains a vulnerability (CVE-2022-47950) where an authenticated user can supply crafted XML to the S3 API, causing it to disclose arbitrary host files. Affected lines mention OpenStack Swift versions before 2.28.1, 2.29.x before 2.29.2, and 2.30.0, with impact on both s3api (Rocky...
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data...
PT-2023-1506 · Openstack +2 · Openstack Swift +2
Name of the Vulnerable Software and Affected Versions: OpenStack Swift versions prior to 2.28.1; OpenStack Swift versions 2.29.x prior to 2.29.2; OpenStack Swift version 2.30.0. Description: The issue is related to the S3 API interface of the OpenStack Swift distributed object storage system. It...
Fedora: Security Advisory for restic (FEDORA-2022-5038c3236c)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: restic-0.12.1-4.fc36
A backup program that is easy, fast, verifiable, secure, efficient and free. Backup destinations can be: Local, SFTP, REST Server, Amazon S3, Minio Server, OpenStack Swift, Backblaze B2, Microsoft Azure Blob Storage, Google Cloud Storage, Other Services via rclone...
Fedora: Security Advisory for restic (FEDORA-2022-ba365d3703)
The remote host is missing an update for the...
[SECURITY] Fedora 36 Update: restic-0.12.1-3.fc36
A backup program that is easy, fast, verifiable, secure, efficient and free. Backup destinations can be: Local, SFTP, REST Server, Amazon S3, Minio Server, OpenStack Swift, Backblaze B2, Microsoft Azure Blob Storage, Google Cloud Storage, Other Services via rclone...
GHSA-WXX2-GQVV-34HX OpenStack Swift allows authenticated users to cause a denial of service
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected...
OpenStack Swift Discloses Secret URLs to Timing Attack
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...
GHSA-G6X3-55QV-X6P2 OpenStack Swift metadata constraints are not correctly enforced
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined...
OpenStack Swauth object/proxy server writing Auth Token to log file
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving unhashed tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allow...
GHSA-CC77-5VW4-7PWG OpenStack Swift Unauthorized delete of versioned Swift object
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...
GHSA-Q45H-CHC8-HVP6 OpenStack Object Storage (Swift) Sensitive Data Exposure
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
GHSA-9XGV-6V35-MMCJ OpenStack Swift Unchecked user input in XML responses
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name...
GHSA-8FXC-QM65-VPXG Temporary urls leaked via logging
In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...
CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...
DEBIAN-CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...