4 matches found
CVE-2015-1856
Summary: CVE-2015-1856 affects OpenStack Object Storage (Swift) where, if allow_version is configured, an authenticated user who has listing access to the x-versions-location container can delete the latest version of a versioned object. This relies on Swift’s versioned-object handling and access...
CVE-2015-5223
OpenStack Object Storage (Swift) before 2.4.0 is affected. A flaw in tempurls allows an attacker with a PUT tempurl key to obtain sensitive information by referencing an object in another container, enabling partial information disclosure. Upgrading to Swift 2.4.0+ or applying vendor advisories (...
CVE-2013-6396
The CVE-2013-6396 entry concerns the OpenStack Python Swift client, python-swiftclient, versions 1.0 through 1.9.0, which do not verify X.509 certificates on SSL connections. This allows an attacker to perform a man-in-the-middle attack to spoof the Swift server and read sensitive data via a craf...
CVE-2026-50221
CVE-2026-50221 affects OpenStack Swift prior to 2.37.2, where proxy-server fails to strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding to object-servers. An authenticated user with write access can inje...