PRIOn knowledge basePRION:CVE-2015-1856

HistoryApr 17, 2015 - 5:59 p.m.

Design/Logic Flaw

2015-04-1717:59:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

CPENameOperatorVersion
ubuntu_linuxeq12.04
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
swiftle2.2.2

Name	Operator	Version
ubuntu_linux	eq	12.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	15.04
swift	le	2.2.2

References

lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html

rhn.redhat.com/errata/RHSA-2015-1681.html

rhn.redhat.com/errata/RHSA-2015-1684.html

rhn.redhat.com/errata/RHSA-2015-1845.html

rhn.redhat.com/errata/RHSA-2015-1846.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.securityfocus.com/bid/74182

www.ubuntu.com/usn/USN-2704-1

bugs.launchpad.net/swift/+bug/1430645

lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html

6.6 Medium

AI Score

Confidence

Low

5.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for PRION:CVE-2015-1856