Add OSSA-2023-001 (CVE-2022-47950)

Change-Id: I07a10908a8d1ce314413f601c8f282cca0451cc1 Closes-Bug: #1998625
2023-01-17 14:53:48 +00:00 · 2023-01-17 14:53:48 +00:00 · 0b14e1f02d
parent 8e1ff97004
commit 0b14e1f02d
1 changed files with 51 additions and 0 deletions
--- a/ossa/OSSA-2023-001.yaml
+++ b/ossa/OSSA-2023-001.yaml
@ -0,0 +1,51 @@
+date: 2023-01-17
+
+id: OSSA-2023-001
+
+title: Arbitrary file access through custom S3 XML entities
+
+description: >
+  Sébastien Meriot (OVH) reported a vulnerability in Swift's S3 XML parser. By
+  supplying specially crafted XML files an authenticated user may coerce the S3
+  API into returning arbitrary file contents from the host server resulting in
+  unauthorized read access to potentially sensitive data; this impacts both
+  s3api deployments (Rocky or later), and swift3 deployments (Queens and
+  earlier, no longer actively developed). Only deployments with S3
+  compatibility enabled are affected.
+
+affected-products:
+  - product: Swift
+    version: '<2.28.1, >=2.29.0 <2.29.2, ==2.30.0'
+
+vulnerabilities:
+  - cve-id: CVE-2022-47950
+
+reporters:
+  - name: Sébastien Meriot
+    affiliation: OVH
+    reported:
+      - CVE-2022-47950
+
+issues:
+  links:
+    - https://launchpad.net/bugs/1998625
+
+reviews:
+  2023.1/antelope:
+    - https://review.opendev.org/870823
+
+  zed:
+    - https://review.opendev.org/870825
+
+  yoga:
+    - https://review.opendev.org/870826
+
+  xena:
+    - https://review.opendev.org/870827
+
+  wallaby:
+    - https://review.opendev.org/870828
+
+notes:
+  - The stable/wallaby branch is under extended maintenance and will receive no
+    new point releases, but a patch for it is provided as a courtesy.