52 lines
1.3 KiB
YAML
52 lines
1.3 KiB
YAML
date: 2023-01-17
|
|
|
|
id: OSSA-2023-001
|
|
|
|
title: Arbitrary file access through custom S3 XML entities
|
|
|
|
description: >
|
|
Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML parser. By
|
|
supplying specially crafted XML files an authenticated user may coerce the S3
|
|
API into returning arbitrary file contents from the host server resulting in
|
|
unauthorized read access to potentially sensitive data; this impacts both
|
|
s3api deployments (Rocky or later), and swift3 deployments (Queens and
|
|
earlier, no longer actively developed). Only deployments with S3
|
|
compatibility enabled are affected.
|
|
|
|
affected-products:
|
|
- product: Swift
|
|
version: '<2.28.1, >=2.29.0 <2.29.2, ==2.30.0'
|
|
|
|
vulnerabilities:
|
|
- cve-id: CVE-2022-47950
|
|
|
|
reporters:
|
|
- name: Sébastien Meriot
|
|
affiliation: OVH
|
|
reported:
|
|
- CVE-2022-47950
|
|
|
|
issues:
|
|
links:
|
|
- https://launchpad.net/bugs/1998625
|
|
|
|
reviews:
|
|
2023.1/antelope:
|
|
- https://review.opendev.org/870823
|
|
|
|
zed:
|
|
- https://review.opendev.org/870825
|
|
|
|
yoga:
|
|
- https://review.opendev.org/870826
|
|
|
|
xena:
|
|
- https://review.opendev.org/870827
|
|
|
|
wallaby:
|
|
- https://review.opendev.org/870828
|
|
|
|
notes:
|
|
- The stable/wallaby branch is under extended maintenance and will receive no
|
|
new point releases, but a patch for it is provided as a courtesy.
|