CVE-2015-1856

Published: Apr 17, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2015:1845

vendor-advisory

x_refsource_REDHAT

https://bugs.launchpad.net/swift/+bug/1430645

x_refsource_CONFIRM

SUSE-SU-2015:1846

vendor-advisory

x_refsource_SUSE

RHSA-2015:1846

vendor-advisory

x_refsource_REDHAT

RHSA-2015:1681

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

x_refsource_CONFIRM

USN-2704-1

vendor-advisory

x_refsource_UBUNTU

74182

vdb-entry

x_refsource_BID

FEDORA-2015-12245

vendor-advisory

x_refsource_FEDORA

[openstack-announce] 20150414 [OSSA 2015-006] Unauthorized delete of versioned Swift object (CVE-2015-1856)

mailing-list

x_refsource_MLIST

RHSA-2015:1684

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-1856

Description

Affected Products

References