openstack swift vulnerabilities and exploits
9.8
CVSSv3
CVE-2017-16613
An issue exists in middleware.py in OpenStack Swauth up to and including 1.2.0 when used with OpenStack Swift up to and including 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log fi...
Openstack Swauth
Openstack Swift
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2012-4406
OpenStack Object Storage (swift) prior to 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote malicious users to execute arbitrary code via a crafted pickle object.
Openstack Swift
Fedoraproject Fedora 16
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Storage 2.0
Redhat Storage For Public Cloud 2.0
Redhat Gluster Storage Server For On-premise 2.0
Redhat Gluster Storage Management Console 2.0
7.4
CVSSv3
CVE-2015-8466
Swift3 prior to 1.9 allows remote malicious users to conduct replay attacks via an Authorization request that lacks a Date header.
Fedoraproject Fedora 23
Openstack Swift3
6.5
CVSSv3
CVE-2022-47950
An issue exists in OpenStack Swift prior to 2.28.1, 2.29.x prior to 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially se...
Openstack Swift
Openstack Swift 2.30.0
Debian Debian Linux 10.0
6.5
CVSSv3
CVE-2020-10753
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the ...
Redhat Ceph Storage 3.0
Redhat Ceph Storage 4.0
Redhat Openstack 15
Fedoraproject Fedora 32
Opensuse Leap 15.1
Linuxfoundation Ceph
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
4.3
CVSSv3
CVE-2017-8761
In OpenStack Swift up to and including 2.10.1, 2.11.0 up to and including 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are...
Openstack Swift
Openstack Swift 2.14.0
NA
CVE-2013-6396
The OpenStack Python client library for Swift (python-swiftclient) 1.0 up to and including 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Openstack Swift 1.8.0
Openstack Swift 1.1.0
Openstack Swift 1.4.6
Openstack Swift 1.2.0
Openstack Swift 1.4.4
Openstack Swift 1.0.2
Openstack Swift 1.9.0
Openstack Swift 1.3.0
Openstack Swift 1.4.1
Openstack Swift 1.0.1
Openstack Swift 1.7.4
Openstack Swift 1.7.2
Openstack Swift 1.7.6
Openstack Swift 1.4.0
Openstack Swift 1.4.3
Openstack Swift 1.10.0
Openstack Swift 1.6.0
Openstack Swift 1.11.0
Openstack Swift 1.4.7
Openstack Swift 1.4.8
Openstack Swift 1.4.2
Openstack Swift 1.0.0
NA
CVE-2013-2161
XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows malicious users to trigger invalid or spoofed Swift responses via an account name.
Openstack Havana -
Opensuse Opensuse 12.3
Openstack Grizzly -
Openstack Folsom -
NA
CVE-2013-1840
The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which allows remote authenticated users to obtain the operator's backend credentials via a request for a cached image.
Openstack Glance V1
NA
CVE-2013-0212
store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) prior to 2012.2.3, and Grizzly, when in Swift single tenant mode, logs the Swift endpoint's user name and password in cleartext when the endpoint is misconfigured or unusable, allows remote authenticated user...
Openstack Image Registry And Delivery Service (glance) 2012.2.2
Openstack Image Registry And Delivery Service (glance) 2012.2.1
Openstack Image Registry And Delivery Service (glance) 2012.1
Openstack Image Registry And Delivery Service (glance) 2012.2
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.10
Canonical Ubuntu Linux 12.04