5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:P/A:P
0.004 Low
EPSS
Percentile
69.9%
OpenStack Object Storage (swift) provides object storage in virtual
containers, which allows users to store and retrieve files (arbitrary
data). The service’s distributed architecture supports horizontal scaling;
redundancy as failure-proofing is provided through software-based data
replication. Because Object Storage supports asynchronous eventual
consistency replication, it is well suited to multiple data-center
deployment.
A flaw was found in OpenStack Object Storage that could allow an
authenticated user to delete the most recent version of a versioned object
regardless of ownership. To exploit this flaw, an attacker must know the
name of the object and have listing access to the x-versions-location
container. (CVE-2015-1856)
Red Hat would like to thank the OpenStack project for reporting this issue.
Upstream acknowledges Clay Gerrard of SwiftStack as the original reporter.
All users of openstack-swift are advised to upgrade to these updated
packages, which correct this issue. After installing this update, the
OpenStack Object Storage services will be restarted automatically.