{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-47950", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T15:02:36.630Z", "dateReserved": "2022-12-24T00:00:00", "datePublished": "2023-01-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-25T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://launchpad.net/bugs/1998625"}, {"url": "https://security.openstack.org/ossa/OSSA-2023-001.html"}, {"name": "[debian-lts-announce] 20230125 [SECURITY] [DLA 3281-1] swift security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html"}, {"name": "DSA-5327", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5327"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T15:02:36.630Z"}, "title": "CVE Program Container", "references": [{"url": "https://launchpad.net/bugs/1998625", "tags": ["x_transferred"]}, {"url": "https://security.openstack.org/ossa/OSSA-2023-001.html", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230125 [SECURITY] [DLA 3281-1] swift security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html"}, {"name": "DSA-5327", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5327"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "matchCriteriaId": "5960CC54-9C52-4C0E-98E6-6BC47A76BD6D", "versionEndExcluding": "2.28.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "matchCriteriaId": "6CD6B1FC-5309-430C-B68B-5CA53769F764", "versionEndExcluding": "2.29.2", "versionStartIncluding": "2.29.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:openstack:swift:2.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "DB932AB6-E5AA-4B1B-A8BB-CBA2310FD9F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed)."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en OpenStack Swift anterior a 2.28.1, 2.29.x anterior a 2.29.2 y 2.30.0. Al proporcionar archivos XML manipulados, un usuario autenticado puede obligar a la API de S3 a devolver contenidos de archivos arbitrarios desde el servidor host, lo que resulta en un acceso de lectura no autorizado a datos potencialmente confidenciales. Esto afecta tanto a las implementaciones de s3api (Rocky o posterior) como a las implementaciones de swift3 (Queens y anteriores, que ya no se desarrollan activamente)."}], "id": "CVE-2022-47950", "lastModified": "2024-11-21T07:32:37.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-18T17:15:10.290", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://launchpad.net/bugs/1998625"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2023-001.html"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2023/dsa-5327"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://launchpad.net/bugs/1998625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.openstack.org/ossa/OSSA-2023-001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2023/dsa-5327"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank S\u00e9bastien Meriot (OVH) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2023:1277", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-swift-plugin-swift3-0:1.12.1-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 - ELS", "release_date": "2023-03-15T00:00:00Z"}, {"advisory": "RHSA-2023:1277", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "openstack-swift-plugin-swift3-0:1.12.1-1.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2023-03-15T00:00:00Z"}, {"advisory": "RHSA-2023:1277", "cpe": "cpe:/a:redhat:openstack:16.1::el8", "package": "openstack-swift-0:2.23.2-1.20230201163512.eef87ee.el8ost", "product_name": "Red Hat OpenStack Platform 16.1", "release_date": "2023-03-15T00:00:00Z"}, {"advisory": "RHSA-2023:1277", "cpe": "cpe:/a:redhat:openstack:16.2::el8", "package": "openstack-swift-0:2.23.4-2.20220422185313.2829195.el8ost", "product_name": "Red Hat OpenStack Platform 16.2", "release_date": "2023-03-15T00:00:00Z"}, {"advisory": "RHSA-2023:1013", "cpe": "cpe:/a:redhat:openstack:17.0::el9", "package": "openstack-swift-0:2.27.1-0.20230201120900.6a1a8ce.el9ost", "product_name": "Red Hat OpenStack Platform 17.0", "release_date": "2023-02-28T00:00:00Z"}], "bugzilla": {"description": "openstack-swift: Arbitrary file access through custom S3 XML entities", "id": "2160618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160618"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.7", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-552", "details": ["An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).", "A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api deployments (Rocky or later) and swift3 deployments (Queens and earlier, no longer actively developed). Only deployments with S3 compatibility enabled are affected."], "name": "CVE-2022-47950", "package_state": [{"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "openstack-swift", "product_name": "Red Hat Storage 3"}], "public_date": "2023-01-17T15:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-47950\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-47950\nhttps://launchpad.net/bugs/1998625"], "threat_severity": "Important"}