Swift

swift

Vendor: Openstack • 13 CVEs

CVEs (13)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-47950 2Debian Openstack 2Debian Linux Swift Apr 4, 2025 Jan 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host...Show more An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).Show less
CVE-2017-8761 1Openstack 1Swift Nov 21, 2024 Jun 2, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployme...Show more In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.Show less
CVE-2017-16613 2Debian Openstack 3Debian Linux SwauthSwift May 13, 2026 Nov 21, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth mid...Show more An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.Show less
CVE-2016-0738 1Openstack 1Swift May 6, 2026 Jan 29, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource co...Show more OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.Show less
CVE-2016-0737 1Openstack 1Swift May 6, 2026 Jan 29, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted request...Show more OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.Show less
CVE-2015-5223 1Openstack 1Swift May 6, 2026 Oct 26, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
CVE-2015-1856 2Canonical Openstack 2Swift Ubuntu Linux May 6, 2026 Apr 17, 2015 N/A· v4 N/A· v3 5.5 MEDIUM· v2 OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location contain...Show more OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.Show less
CVE-2014-7960 1Openstack 1Swift May 6, 2026 Oct 17, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
CVE-2014-3497 1Openstack 1Swift May 6, 2026 Jul 3, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
CVE-2013-6396 1Openstack 1Swift Apr 29, 2026 Feb 18, 2014 N/A· v4 N/A· v3 5.8 MEDIUM· v2 The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive inf...Show more The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.Show less
CVE-2014-0006 1Openstack 1Swift Apr 29, 2026 Jan 23, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...Show more The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.Show less
CVE-2013-4155 1Openstack 4Folsom GrizzlyHavana+1 more Apr 29, 2026 Aug 20, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp t...Show more OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE request with a timestamp that is older than expected.Show less
CVE-2012-4406 3Fedoraproject OpenstackRedhat 7Enterprise Linux Server FedoraGluster Storage Management Console+4 more Apr 29, 2026 Oct 22, 2012 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a cra...Show more OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.Show less