CVE-2015-1856

Published: 15 Apr 2015
Source: redhat
CVSS2: 3.5
EPSS: Low

Description

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container.

Affected packages

| Platform | Package | Status | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat OpenStack Platform 4 | openstack-swift | Will not fix | | |
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2015:1845 | 05.10.2015 |
| Native Client for RHEL 7 for Red Hat Storage | glusterfs | Fixed | RHSA-2015:1846 | 05.10.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6 | openstack-swift | Fixed | RHSA-2015:1684 | 25.08.2015 |
| Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7 | openstack-swift | Fixed | RHSA-2015:1684 | 25.08.2015 |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | openstack-swift | Fixed | RHSA-2015:1681 | 24.08.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | gdeploy | Fixed | RHSA-2015:1845 | 05.10.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | glusterfs | Fixed | RHSA-2015:1845 | 05.10.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | gluster-nagios-addons | Fixed | RHSA-2015:1845 | 05.10.2015 |
| Red Hat Gluster Storage 3.1 for RHEL 6 | gluster-nagios-common | Fixed | RHSA-2015:1845 | 05.10.2015 |

Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1209994 (Swift: unauthorized deletion of versioned Swift object)

EPSS

Percentile: 77%
0.01033
Low

3.5 Low

CVSS2

Related vulnerabilities

ubuntu
almost 11 years ago

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

nvd
almost 11 years ago

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

debian
almost 11 years ago

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is c ...

github
more than 3 years ago

OpenStack Swift Unauthorized delete of versioned Swift object
