Lucene search
K
OpenstackSwift

5 matches found

CVE
CVE
added 2014/07/03 5:0 p.m.95 views

CVE-2014-3497

OpenStack Swift versions 1.11.0–1.13.1 are affected by a cross-site scripting (XSS) vulnerability caused by insufficient escaping of HTTP header values, enabling remote injection via the WWW-Authenticate header. Impact is XSS in affected users’ browsers; exploitation details are not provided in t...

4.3CVSS5.5AI score0.02083EPSS
CVE
CVE
added 2013/08/20 10:0 p.m.85 views

CVE-2013-4155

OpenStack Swift vulnerability CVE-2013-4155 affects Swift before 1.9.1 in Folsom, Grizzly, and Havana. An authenticated user can trigger a denial of service by issuing a DELETE request with an outdated timestamp, causing superfluous tombstone consumption and Swift cluster slowdown. The primary im...

4CVSS6AI score0.01661EPSS
CVE
CVE
added 2021/06/02 1:45 p.m.85 views

CVE-2017-8761

OpenStack Swift CVE-2017-8761 affects proxy-server in Swift versions up to 2.14.0 (including 2.10.1, 2.11.0–2.13.0, 2.14.0). The proxy-server logs full tempurl paths, potentially exposing reusable tempurl signatures to anyone with read access to logs. All Swift deployments using the tempurl middl...

4.3CVSS4.3AI score0.00789EPSS
CVE
CVE
added 2014/01/23 1:0 a.m.81 views

CVE-2014-0006

The CVE-2014-0006 issue affects OpenStack Swift, where the TempURL middleware exhibits a timing side-channel risk that can leak secret URLs. Affected releases are Swift 1.4.6–1.8.0, 1.9.0–1.10.0, and 1.11.0. Root cause: timing-based information leakage in TempURL handling when an object name is k...

4.3CVSS6.3AI score0.01895EPSS
CVE
CVE
added 2014/10/17 3:0 p.m.68 views

CVE-2014-7960

CVE-2014-7960 affects OpenStack Object Storage (Swift) before 2.2.0. A vulnerability in metadata constraints allows remote authenticated users to bypass max_meta_count and related limits by issuing multiple crafted requests that exceed the configured threshold. The issue is confirmed in multiple ...

4CVSS6.1AI score0.03023EPSS