Vulnerability in OpenStack Swift
CVE-2015-1856
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
EPSS: 0.009 (75.4th percentile)
Affected products
- OpenStack Swift
- Canonical Ubuntu Linux — versions 12.04, 14.04, 15.04
Weakness classification (CWE)
References
- RHSA-2015:1845 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
- SUSE-SU-2015:1846 (vendor-advisory, x_refsource_SUSE)
- RHSA-2015:1846 (x_refsource_REDHAT, vendor-advisory)
- RHSA-2015:1681 (x_refsource_REDHAT, vendor-advisory)
- secalert@redhat.com (x_refsource_CONFIRM)
- USN-2704-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
- 74182 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)
- FEDORA-2015-12245 (x_refsource_FEDORA, vendor-advisory)
- [openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856) (Vendor Advisory, mailing-list, x_refsource_MLIST)