CVE-2022-47950 – openstack-swift: Arbitrary file access through custom S3 XML entities
https://notcve.org/view.php?id=CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). Se descubrió un problema en OpenStack Swift anterior a 2.28.1, 2.29.x anterior a 2.29.2 y 2.30.0. Al proporcionar archivos XML manipulados, un usuario autenticado puede obligar a la API de S3 a devolver contenidos de archivos arbitrarios desde el servidor host, lo que resulta en un acceso de lectura no autorizado a datos potencialmente confidenciales. • https://launchpad.net/bugs/1998625 https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html https://security.openstack.org/ossa/OSSA-2023-001.html https://www.debian.org/security/2023/dsa-5327 https://access.redhat.com/security/cve/CVE-2022-47950 https://bugzilla.redhat.com/show_bug.cgi?id=2160618 • CWE-552: Files or Directories Accessible to External Parties •
CVE-2017-8761
https://notcve.org/view.php?id=CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected. En OpenStack Swift versiones hasta 2.10.1, versiones 2.11.0 hasta 2.13.0 y la versión 2.14.0, el servidor proxy registra las rutas tempurl completas, potencialmente filtrando firmas tempurl reutilizables a cualquiera que tenga acceso a estos registros. Todas las implantaciones de Swift que usen el middleware tempurl están afectadas • https://launchpad.net/bugs/1685798 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-16613
https://notcve.org/view.php?id=CVE-2017-16613
An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team. Se descubrió un problema en middleware.py en OpenStack Swauth hasta la versión 1.2.0 cuando se utiliza con OpenStack Swift hasta la versión 2.15.1. • http://www.securityfocus.com/bid/101926 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314 https://bugs.launchpad.net/swift/+bug/1655781 https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298 https://www.debian.org/security/2017/dsa-4044 • CWE-287: Improper Authentication •
CVE-2016-9590 – puppet-swift: installs config file with world readable permissions
https://notcve.org/view.php?id=CVE-2016-9590
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. puppet-swift en versiones anteriores a la 8.2.1 y 9.4.4 es vulnerable a la divulgación de información en la instalación de Object Storage (swift) de Red Hat OpenStack Platform director. Durante la instalación, el script Puppet responsable de desplegar el servicio elimina y recrea incorrectamente el archivo proxy-server.conf con permisos de lectura globales. An information-disclosure flaw was discovered in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying the service incorrectly removes and recreates the proxy-server.conf file with world-readable permissions. • http://rhn.redhat.com/errata/RHSA-2017-0200.html http://rhn.redhat.com/errata/RHSA-2017-0359.html http://rhn.redhat.com/errata/RHSA-2017-0361.html http://www.securityfocus.com/bid/95448 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9590 https://access.redhat.com/security/cve/CVE-2016-9590 https://bugzilla.redhat.com/show_bug.cgi?id=1410293 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-0737 – openstack-swift: Client to proxy DoS through Large Objects
https://notcve.org/view.php?id=CVE-2016-0737
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL. OpenStack Object Storage (Swift) en versiones anteriores a 2.4.0 no cierra correctamente las conexionen del cliente, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos del servidor proxy) a través de una serie de peticiones interrumpidas a una URL Large Object. A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption. • http://rhn.redhat.com/errata/RHSA-2016-0128.html http://rhn.redhat.com/errata/RHSA-2016-0155.html http://rhn.redhat.com/errata/RHSA-2016-0329.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/81432 https://bugs.launchpad.net/swift/+bug/1466549 https://launchpad.net/swift/+milestone/2.4.0 https://review.openstack.org/#/c/217750 https://security.openstack.org/ossa/OSSA-2016-004.html https://access • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •