CVE-2022-47950

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-47950
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47950.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-47950
Aliases
Downstream
Related
Published
2023-01-18T17:15:10.290Z
Modified
2026-04-02T08:26:50.371079Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

References

Affected packages

Git / github.com/openstack/swift

Affected ranges

Type
GIT
Repo
https://github.com/openstack/swift
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b1916f81e2a598b41ab7281259c78715d7e46955
Introduced
975d3dbcfe8ef7e8007444e5bb5c0b3f890e534e
Fixed
19879831272b37b5e49f73a4d49f1a4587ccd7c7
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
f6196b0a221eb17e1d5649d732b997dc200b2fe7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.28.1"
        },
        {
            "introduced": "2.29.0"
        },
        {
            "fixed": "2.29.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.30.0"
        }
    ]
}

Affected versions

1.*
1.0.0
1.0.0-1
1.0.1
1.0.2
1.1.0
1.10.0
1.10.0.rc1
1.11.0
1.12.0
1.13.0
1.13.1
1.13.1.rc1
1.13.1.rc2
1.2.0
1.3.0
1.3gamma1
1.3rc1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.5.0
1.6.0
1.7.0
1.7.2
1.7.4
1.7.5
1.7.6
1.8.0
1.8.0.rc1
1.8.0.rc2
1.9.0
1.9.1
1.9.2
2.*
2.0.0
2.0.0.rc1
2.0.0.rc2
2.1.0
2.1.0.rc1
2.10.0
2.10.1
2.10.2
2.11.0
2.12.0
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.15.2
2.16.0
2.17.0
2.17.1
2.18.0
2.19.0
2.19.1
2.19.2
2.2.0
2.2.0.rc1
2.2.1
2.2.1.rc1
2.2.1c1
2.2.2
2.2.2rc1
2.20.0
2.21.0
2.21.1
2.22.0
2.23.0
2.23.1
2.23.2
2.23.3
2.24.0
2.25.0
2.25.1
2.25.2
2.26.0
2.27.0
2.28.0
2.29.0
2.29.1
2.3.0
2.3.0rc1
2.3.0rc2
2.30.0
2.4.0
2.5.0
2.6.0
2.7.0
2.7.1
2.8.0
2.9.0
Other
diablo-eol
erasure_code_dev_history
essex-eol
folsom-eol
grizzly-eol
havana-eol
icehouse-eol
juno-eol
kilo-eol
liberty-eol
mitaka-eol
newton-eol
ocata-em
ocata-eol
pike-em
pike-eol
queens-em
queens-eol
rocky-em
rocky-eol
stein-em
stein-eol
storage-policy-historical
train-em
train-eol
ussuri-em
ussuri-eol
victoria-em
victoria-eol
victoria-eom
wallaby-em
wallaby-eol
wallaby-eom
upstream-1.*
upstream-1.0.0

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-47950.json"