CVE-2015-5242

OpenStack Swift-on-File aka Swiftonfile does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute xattrs...

DEBIAN-CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

UBUNTU-CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

openstack-swift: Information leak via Swift tempurls

A flaw was discovered in the OpenStack Object Storage service swift TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project tenant...

Swift: unauthorized deletion of versioned Swift object

A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container...

Fedora 22 : openstack-swift-2.2.0-5.fc22 (2015-12245)

This update fixes CVE-2015-1856, unauthorized deletion of versioned Swift object. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Fedora Update for openstack-swift FEDORA-2015-12245

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openstack-swift: Swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in OpenStack Object Storage swift. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...

OpenStack Swift DLO Objects Denial of Service Vulnerability

OpenStack is a cloud platform management program developed by the National Aeronautics and Space Administration NASA and Rackspace, Inc. in the United States. A denial of service vulnerability exists in OpenStack Swift DLO Objects, which allows attackers to exploit this vulnerability to launch...

CVE-2015-1856

OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...

CVE-2015-1856

OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...

UBUNTU-CVE-2015-1856

OpenStack Object Storage Swift before 2.3.0, when allowversion is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container...

openstack-swift: Swift metadata constraints are not correctly enforced

A flaw was found in the metadata constraints in OpenStack Object Storage swift. By adding metadata in several separate calls, a malicious user could bypass the maxmetacount constraint, and store more metadata than allowed by the configuration...

DEBIAN-CVE-2014-7960

OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...

CVE-2014-7960

OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...

UBUNTU-CVE-2014-7960

OpenStack Object Storage Swift before 2.2.0 allows remote authenticated users to bypass the maxmetacount and other metadata constraints via multiple crafted requests which exceed the limit when combined...

openstack-swift: XSS in Swift requests through WWW-Authenticate header

It was found that Swift did not escape all HTTP header values, allowing data to be injected into the responses sent from the Swift server. This could lead to cross-site scripting attacks and possibly other impacts if a user were tricked into clicking on a malicious URL...

DEBIAN-CVE-2014-3497

Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVE-2014-3497

Cross-site scripting XSS vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header...

CVE-2014-3497

OpenStack Swift versions 1.11.0–1.13.1 are affected by a cross-site scripting (XSS) vulnerability caused by insufficient escaping of HTTP header values, enabling remote injection via the WWW-Authenticate header. Impact is XSS in affected users’ browsers; exploitation details are not provided in t...