Search CVE reports
1 – 10 of 17 results
CVE-2022-47950
Medium priority
Some fixes available 7 of 8
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server,...
1 affected package
swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift | Fixed | Fixed | Fixed | Not affected | Vulnerable |
CVE-2017-8761
Low priority
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using...
1 affected package
swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift | Not affected | Not affected | Vulnerable | Vulnerable | Vulnerable |
CVE-2013-2255
Low priority
HTTPSConnections in OpenStack Keystone 2013, OpenStack Compute 2013.1, and possibly other OpenStack components, fail to validate server-side SSL certificates.
6 affected packages
cinder, keystone, nova, python-keystoneclient, quantum, swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cinder | — | — | — | — | — |
keystone | — | — | — | — | — |
nova | — | — | — | — | — |
python-keystoneclient | — | — | — | — | — |
quantum | — | — | — | — | — |
swift | — | — | — | — | — |
CVE-2016-9590
Low priority
Some fixes available 1 of 5
puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an information-disclosure in Red Hat OpenStack Platform director's installation of Object Storage (swift). During installation, the Puppet script responsible for deploying...
1 affected package
puppet-module-swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
puppet-module-swift | Not affected | Not affected | Not affected | Fixed | Vulnerable |
CVE-2016-10074
Medium priority
Some fixes available 14 of 19
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double...
1 affected package
libphp-swiftmailer
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libphp-swiftmailer | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2016-0738
Low priority
Some fixes available 1 of 4
OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption)...
1 affected package
swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift | — | — | — | — | Not affected |
CVE-2016-0737
Medium priority
Some fixes available 1 of 3
OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a...
1 affected package
swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift | — | — | — | — | Not affected |
CVE-2015-8466
Medium priority
Some fixes available 1 of 5
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
1 affected package
swift-plugin-s3
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift-plugin-s3 | Not in release | Not in release | Not in release | Not affected | Vulnerable |
CVE-2015-5223
Medium priority
Some fixes available 1 of 3
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
1 affected package
swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift | — | — | — | — | Not affected |
CVE-2015-1856
Medium priority
Some fixes available 2 of 3
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
1 affected package
swift
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
swift | — | — | — | — | — |