Access Control Flaw in OpenStack Swift Affects S3 API
CVE-2022-47950
6.5 MEDIUM
Summary
An issue has been identified in OpenStack Swift affecting specific versions. An authenticated user can craft XML files that manipulate the S3 API and expose arbitrary file contents from the host server. This can result in unauthorized access to sensitive data. Both s3api and swift3 deployments are impacted, particularly s3api on Rocky or later and swift3 on Queens and earlier.
References
CVSS V3.1
Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved