CVE-2015-1856

Published: 17 April 2015

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

Priority

Medium

Status

Package Release Status
swift
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.13.1-0ubuntu1.2])
Patches:
Upstream: https://review.openstack.org/173366 (icehouse)
Upstream: https://review.openstack.org/173363 (juno)
Upstream: https://review.openstack.org/173361 (kilo)