CVE-2015-1856

CWE-26413 documents9 sources

Severity

5.5MEDIUM

EPSS

1.0%

top 22.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Swift Canonical Ubuntu Linux

Timeline

PublishedApr 17

Latest updateMay 14

Description

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages4 packages

▶NVDopenstack/swift2.2.2

▶PyPIswift< 2.3.0

▶Debianswift< 2.2.0-2+3

▶Ubuntuswift< 1.13.1-0ubuntu1.2

Also affects: Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

OSV

OpenStack Swift Unauthorized delete of versioned Swift object↗2022-05-14

▶

GHSA

OpenStack Swift Unauthorized delete of versioned Swift object↗2022-05-14

▶

OSV

swift vulnerabilities↗2015-08-06

▶

OSV

CVE-2015-1856: OpenStack Object Storage (Swift) before 2↗2015-04-17

▶

CVEList

CVE-2015-1856: OpenStack Object Storage (Swift) before 2↗2015-04-17

▶

📋Vendor Advisories

Ubuntu

Swift vulnerabilities↗2015-08-06

▶

Red Hat

Swift: unauthorized deletion of versioned Swift object↗2015-04-15

▶

Debian

CVE-2015-1856: swift - OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured,...↗2015

▶

💬Community

Bugzilla

CVE-2015-1856 openstack-swift: OpenStack Swift: unauthorized deletion of versioned Swift object [fedora-all]↗2015-07-24

▶

Bugzilla

CVE-2015-1856 OpenStack Swift: unauthorized deletion of versioned Swift object↗2015-04-08

▶