Bug 2160618 (CVE-2022-47950)

Summary: CVE-2022-47950 openstack-swift: Arbitrary file access through custom S3 XML entities
Product: [Other] Security Response Reporter: Avinash Hanwate <ahanwate>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: derekh, eglynn, jjoyce, lhh, mburns, mgarciac, security-response-team, spower, swiftbugzilla, zaitcev
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in Swift's S3 XML parser. By supplying specially crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This issue impacts both s3api deployments (Rocky or later) and swift3 deployments (Queens and earlier, no longer actively developed). Only deployments with S3 compatibility enabled are affected.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-03-15 23:29:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2160631, 2161837, 2160628, 2160629, 2160630, 2166162    
Bug Blocks: 2160250    

Description Avinash Hanwate 2023-01-13 04:03:10 UTC 
A vulnerability is discovered in Swift's S3 XML parser. By supplying specially crafted XML files an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server resulting in unauthorized read access to potentially sensitive data; this impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed). Only deployments with S3 compatibility enabled are affected.
Comment 4 Avinash Hanwate 2023-01-18 03:51:10 UTC 
Created openstack-swift tracking bugs for this issue:

Affects: openstack-rdo [bug 2161837]
Comment 6 errata-xmlrpc 2023-02-28 15:47:02 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 17.0

Via RHSA-2023:1013 https://access.redhat.com/errata/RHSA-2023:1013
Comment 7 errata-xmlrpc 2023-03-15 19:56:22 UTC 
This issue has been addressed in the following products:

  Red Hat OpenStack Platform 13.0 - ELS
  Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS
  Red Hat OpenStack Platform 16.1
  Red Hat OpenStack Platform 16.2

Via RHSA-2023:1277 https://access.redhat.com/errata/RHSA-2023:1277
Comment 8 Product Security DevOps Team 2023-03-15 23:29:38 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-47950