Количество 6
Количество 6
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).
CVE-2022-47950
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ...
GHSA-274c-rx2j-2v3x
OpenStack Swift XML external entities (XXE) Injection
BDU:2023-00933
Уязвимость компонента swift/common/middleware/s3api/etree.py интерфейса S3 API распределенной системы хранения объектов Swift, позволяющая нарушителю получить несанкционированный доступ на чтение произвольных файлов
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-47950 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVE-2022-47950 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). | CVSS3: 7.7 | 0% Низкий | почти 3 года назад |
 | CVE-2022-47950 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| CVE-2022-47950 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x befor ... | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| GHSA-274c-rx2j-2v3x OpenStack Swift XML external entities (XXE) Injection | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | BDU:2023-00933 Уязвимость компонента swift/common/middleware/s3api/etree.py интерфейса S3 API распределенной системы хранения объектов Swift, позволяющая нарушителю получить несанкционированный доступ на чтение произвольных файлов | CVSS3: 7.7 | 0% Низкий | почти 3 года назад |
Уязвимостей на страницу