Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2022-47950

Опубликовано: 18 янв. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

РелизСтатусПримечание
bionic

not-affected

code not present
devel

released

2.31.0+git2023020814.488f8c83-0ubuntu1
esm-infra/bionic

not-affected

code not present
esm-infra/focal

released

2.25.2-0ubuntu1.1
esm-infra/xenial

needed

focal

released

2.25.2-0ubuntu1.1
jammy

released

2.29.2-0ubuntu1
kinetic

released

2.30.1-0ubuntu1
lunar

released

2.31.0+git2023020814.488f8c83-0ubuntu1
mantic

released

2.31.0+git2023020814.488f8c83-0ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 40%
0.00181
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2022-47950

CVSS3: 7.7
redhat
почти 3 года назад

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

nvd логотип

CVE-2022-47950

CVSS3: 6.5
nvd
почти 3 года назад

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

debian логотип

CVE-2022-47950

CVSS3: 6.5
debian
почти 3 года назад

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...

github логотип

GHSA-274c-rx2j-2v3x

CVSS3: 6.5
github
почти 3 года назад

OpenStack Swift XML external entities (XXE) Injection

fstec логотип

BDU:2023-00933

CVSS3: 7.7
fstec
почти 3 года назад

Уязвимость компонента swift/common/middleware/s3api/etree.py интерфейса S3 API распределенной системы хранения объектов Swift, позволяющая нарушителю получить несанкционированный доступ на чтение произвольных файлов

EPSS

Процентиль: 40%
0.00181
Низкий

6.5 Medium

CVSS3