5 matches found
CVE-2014-3497
OpenStack Swift versions 1.11.0–1.13.1 are affected by a cross-site scripting (XSS) vulnerability caused by insufficient escaping of HTTP header values, enabling remote injection via the WWW-Authenticate header. Impact is XSS in affected users’ browsers; exploitation details are not provided in t...
CVE-2013-4155
OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...
CVE-2017-8761
OpenStack Swift CVE-2017-8761 affects proxy-server in Swift versions up to 2.14.0 (including 2.10.1, 2.11.0–2.13.0, 2.14.0). The proxy-server logs full tempurl paths, potentially exposing reusable tempurl signatures to anyone with read access to logs. All Swift deployments using the tempurl middl...
CVE-2014-0006
The CVE-2014-0006 issue affects OpenStack Swift, where the TempURL middleware exhibits a timing side-channel risk that can leak secret URLs. Affected releases are Swift 1.4.6–1.8.0, 1.9.0–1.10.0, and 1.11.0. Root cause: timing-based information leakage in TempURL handling when an object name is k...
CVE-2014-7960
CVE-2014-7960 affects OpenStack Object Storage (Swift) before 2.2.0. A vulnerability in metadata constraints allows remote authenticated users to bypass max_meta_count and related limits by issuing multiple crafted requests that exceed the configured threshold. The issue is confirmed in multiple ...