Moderate severityNVD Advisory· Published Apr 17, 2015· Updated May 6, 2026
CVE-2015-1856
CVE-2015-1856
Description
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
swiftPyPI | < 2.3.0 | 2.3.0 |
Affected products
3- ghsa-coords3 versionspkg:pypi/swiftpkg:rpm/suse/openstack-swift&distro=SUSE%20OpenStack%20Cloud%205pkg:rpm/suse/openstack-swift-doc&distro=SUSE%20OpenStack%20Cloud%205
< 2.3.0+ 2 more
- (no CPE)range: < 2.3.0
- (no CPE)range: < 2.1.0-11.1
- (no CPE)range: < 2.1.0-11.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- lists.openstack.org/pipermail/openstack-announce/2015-April/000349.htmlnvdVendor AdvisoryWEB
- www.securityfocus.com/bid/74182nvdThird Party AdvisoryVDB EntryWEB
- www.ubuntu.com/usn/USN-2704-1nvdThird Party AdvisoryWEB
- bugs.launchpad.net/swift/+bug/1430645nvdVendor AdvisoryWEB
- github.com/advisories/GHSA-cc77-5vw4-7pwgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-1856ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.htmlnvdWEB
- lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2015-1681.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2015-1684.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2015-1845.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2015-1846.htmlnvdWEB
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlnvdWEB
- git.openstack.org/cgit/openstack/swift/commit/ghsaWEB
- git.openstack.org/cgit/openstack/swift/commit/ghsaWEB
- git.openstack.org/cgit/openstack/swift/commit/ghsaWEB
- git.openstack.org/cgit/openstack/swift/commit/ghsaWEB
News mentions
0No linked articles in our index yet.