
CVE-2015-5223 – openstack-swift: Information leak via Swift tempurls
https://notcve.org/view.php?id=CVE-2015-5223
16 Oct 2015 — OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. A flaw was discovered in the OpenStack Object Storage service (swift) TempURLs. An attacker in possess... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2015-1856 – Swift: unauthorized deletion of versioned Swift object
https://notcve.org/view.php?id=CVE-2015-1856
17 Apr 2015 — OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. A flaw was found in Op... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-7960 – openstack-swift: Swift metadata constraints are not correctly enforced
https://notcve.org/view.php?id=CVE-2014-7960
17 Oct 2014 — OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. A flaw was found in the metadata constraints in OpenStack Objec... • http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html • CWE-399: Resource Management Errors • CWE-400: Uncontrolled Resource Consumption

CVE-2013-6396
https://notcve.org/view.php?id=CVE-2013-6396
18 Feb 2014 — The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. • http://www.openwall.com/lists/oss-security/2014/02/17/7 • CWE-310: Cryptographic Issues

CVE-2014-0006 – Swift: TempURL timing attack
https://notcve.org/view.php?id=CVE-2014-0006
23 Jan 2014 — The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. OpenStack Obje... • http://rhn.redhat.com/errata/RHSA-2014-0232.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor