Access Control Flaw in OpenStack Swift Affects S3 API
CVE-2022-47950

6.5 MEDIUM

Key Information:

Vendor: OpenStack
Status: Vendor
CVE Published: 18 January 2023

Summary

An issue has been identified in specific versions of OpenStack Swift. An authenticated user can craft XML files that manipulate the S3 API, leading to the exposure of arbitrary file contents from the host server. This can result in unauthorized access to sensitive data. Both s3api and swift3 deployments are impacted, particularly s3api deployments on Rocky or later and swift3 deployments on Queens and earlier.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved