OpenStack Swift 2.7.0

CPE Details

OpenStack Swift 2.7.0
openstack
swift
2.7.0
2017-12-08
17h54 +00:00
2021-03-01
19h11 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:openstack:swift:2.7.0:*:*:*:*:*:*:*

Informations

Vendor

openstack

Product

swift

Version

2.7.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-47950 2023-01-17 23h00 +00:00 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
6.5
Medium
CVE-2017-8761 2021-06-02 11h45 +00:00 In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.
4.3
Medium
CVE-2017-16613 2017-11-21 12h00 +00:00 An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
9.8
Critical