CVE-2015-1856

Published: Apr 17, 2015Modified: May 6, 2026

5.5

Vector

AV:N/AC:L/Au:S/C:N/I:P/A:P

Exploitability: 8.0 / Impact: 4.9

Source: NVD

Description

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

Affected (4)

Products: Openstack: Swift · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Swift	Up to 2.2.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.04

Related CWEs

CWE-264

References (22)

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html

Source: secalert@redhat.com

http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1681.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1684.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1845.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1846.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/74182

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2704-1

Source: secalert@redhat.com

Third Party Advisory

https://bugs.launchpad.net/swift/+bug/1430645

Source: secalert@redhat.com

Vendor Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html