Vulnerability DatabaseCVE-2015-1856
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-1856
April 17, 2015
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
Related ResourcesĀ (17)
https://git.openstack.org/cgit/openstack/swift/commit/?id=f6525758ab2456d688430699338993439597a789
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html
http://www.ubuntu.com/usn/USN-2704-1
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html
http://rhn.redhat.com/errata/RHSA-2015-1845.html
https://bugs.launchpad.net/swift/+bug/1430645
https://github.com/openstack/swift
https://git.openstack.org/cgit/openstack/swift/commit/?id=dd9d97458ea007024220a78dba8dd663e8b425d7
http://rhn.redhat.com/errata/RHSA-2015-1846.html
https://git.openstack.org/cgit/openstack/swift/commit/?id=5bb7c286ebb4a54e4d2bd5a02845644d1c651183
https://nvd.nist.gov/vuln/detail/CVE-2015-1856
http://rhn.redhat.com/errata/RHSA-2015-1681.html
http://rhn.redhat.com/errata/RHSA-2015-1684.html
https://git.openstack.org/cgit/openstack/swift/commit/?id=85afe9316570855c87ea731d0627f6f8f2b73264
http://www.securityfocus.com/bid/74182
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
5.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
1.03