CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-5223 – openstack-swift: Information leak via Swift tempurls
https://notcve.org/view.php?id=CVE-2015-5223
16 Oct 2015 — OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. OpenStack Object Storage (Swift) en versiones anteriores a 2.4.0 permite a atacantes obtener información sensible a través de un PUT tempurl y un manifiesto de objeto DLO que hace referencia a un objeto en otro contenedor. A flaw was discovered in the OpenStack Object Storage service (swift) TempURLs. An attacker in possess... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-1856 – Swift: unauthorized deletion of versioned Swift object
https://notcve.org/view.php?id=CVE-2015-1856
17 Apr 2015 — OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. OpenStack Object Storage (Swift) anterior a 2.3.0, cuando allow_version está configurado, permite a usuarios remotos autenticados eliminar la última versión de un objeto mediante el aprovechamiento del acceso listado al contenedor de la localización de versiones x. A flaw was found in Op... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7960 – openstack-swift: Swift metadata constraints are not correctly enforced
https://notcve.org/view.php?id=CVE-2014-7960
17 Oct 2014 — OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. OpenStack Object Storage (Swift) anterior a 2.2.0 permite a usuarios remotos autenticados evadir las restricciones max_meta_count y otros metadatos a través de múlitples peticiones manipuladas que exceden el límite cuando éstas se combinan. A flaw was found in the metadata constraints in OpenStack Objec... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2014-3497 – openstack-swift: XSS in Swift requests through WWW-Authenticate header
https://notcve.org/view.php?id=CVE-2014-3497
25 Jun 2014 — Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header. Vulnerabilidad de XSS en OpenStack Swift 1.11.0 hasta 1.13.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de la cabecera WWW-Authenticate. It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This coul... • http://lists.openstack.org/pipermail/openstack-announce/2014-June/000243.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •