CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2014-0006 – Swift: TempURL timing attack
https://notcve.org/view.php?id=CVE-2014-0006
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack. El middleware TempURL de OpenStack Object Storage (Swift) 1.4.6 hasta la versión 1.8.0, 1.9.0 hasta 1.10.0 y 1.11.0 permite a atacantes remotos obtener URLs secretas mediante el aprovechamiento de un nombre de objeto y un ataque de canal lateral basado en análisis de tiempo. • http://rhn.redhat.com/errata/RHSA-2014-0232.html http://www.openwall.com/lists/oss-security/2014/01/17/5 https://bugs.launchpad.net/swift/+bug/1265665 https://access.redhat.com/security/cve/CVE-2014-0006 https://bugzilla.redhat.com/show_bug.cgi?id=1051670 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2013-4155 – OpenStack: Swift Denial of Service using superfluous object tombstones
https://notcve.org/view.php?id=CVE-2013-4155
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected. OpenStack Swift nateior a 1.9.1 en Folsom, Grizzly, y Havana, permite a usuarios autenticados provocar una denegación de servicio (consumo superfluo de tombstone y desaceleración del clúster Swift) a través de una petición DELETE con un timestamp que es más antiguo que el esperado. • http://rhn.redhat.com/errata/RHSA-2013-1197.html http://www.debian.org/security/2012/dsa-2737 http://www.openwall.com/lists/oss-security/2013/08/07/6 http://www.ubuntu.com/usn/USN-2001-1 https://bugs.launchpad.net/swift/+bug/1196932 https://review.openstack.org/#/c/40643 https://review.openstack.org/#/c/40645 https://review.openstack.org/#/c/40646 https://access.redhat.com/security/cve/CVE-2013-4155 https://bugzilla.redhat.com/show_bug. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 5%CPEs: 8EXPL: 0CVE-2012-4406 – Openstack-Swift: insecure use of python pickle()
https://notcve.org/view.php?id=CVE-2012-4406
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object. OpenStack Object Storage (swift) antes de v1.7.0 utiliza la función loads en el módulo pickle de Python de forma no segura al almacenar y cargar los metadatos en memcached, lo que permite a atacantes remotos ejecutar código arbitrario a través de un objeto pickle modificado. • http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html http://rhn.redhat.com/errata/RHSA-2012-1379.html http://rhn.redhat.com/errata/RHSA-2013-0691.html http://www.openwall.com/lists/oss-security/2012/09/05/16 http://www.openwall.com/lists/oss-security/2012/09/05/4 http://www.securityfocus.com/bid/55420 https://bugs.launchpad.net/swift/+bug/1006414 https://bugzilla.redhat.com/show_bug.cgi?id=854757 https://exchange.xforce.ibmcloud.com/ • CWE-502: Deserialization of Untrusted Data •