51 lines
992 B
YAML
51 lines
992 B
YAML
date: 2015-04-14
|
|
|
|
id: OSSA-2015-006
|
|
|
|
title: 'Unauthorized delete of versioned Swift object'
|
|
|
|
description: 'Clay Gerrard from SwiftStack reported a vulnerability in Swift object
|
|
versioning. An authenticated user can delete the most recent version of any
|
|
versioned object whose name is known if the user have listing access to the
|
|
x-versions-location container. Only Swift setups with allow_version setting
|
|
are affected.'
|
|
|
|
affected-products:
|
|
|
|
- product: swift
|
|
version: versions through 2.2.2
|
|
|
|
vulnerabilities:
|
|
|
|
- cve-id: CVE-2015-1856
|
|
|
|
reporters:
|
|
|
|
- name: 'Clay Gerrard'
|
|
affiliation: SwiftStack
|
|
reported:
|
|
- CVE-2015-1856
|
|
|
|
issues:
|
|
|
|
links:
|
|
- https://launchpad.net/bugs/1430645
|
|
|
|
type: launchpad
|
|
|
|
reviews:
|
|
|
|
kilo:
|
|
- https://review.openstack.org/173361
|
|
|
|
juno:
|
|
- https://review.openstack.org/173363
|
|
|
|
icehouse:
|
|
- https://review.openstack.org/173366
|
|
|
|
type: gerrit
|
|
|
|
notes:
|
|
- 'This fix will be included in the upcoming 2.3.0 release.'
|