rpm package
suse/openstack-swift&distro=SUSE OpenStack Cloud 5
pkg:rpm/suse/openstack-swift&distro=SUSE%20OpenStack%20Cloud%205
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-7548 | Low | 3.5 | < 2.1.0-14.1 | 2.1.0-14.1 | Jan 12, 2016 | OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesti | |
| CVE-2015-5223 | — | < 2.1.0-11.1 | 2.1.0-11.1 | Oct 26, 2015 | OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | ||
| CVE-2015-3646 | — | < 2.1.0-14.1 | 2.1.0-14.1 | May 12, 2015 | OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | ||
| CVE-2015-1856 | — | < 2.1.0-11.1 | 2.1.0-11.1 | Apr 17, 2015 | OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | ||
| CVE-2014-7960 | — | < 2.1.0-11.1 | 2.1.0-11.1 | Oct 17, 2014 | OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined. |
- affected < 2.1.0-14.1fixed 2.1.0-14.1
OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvirt to spawn instances and use_cow_images is set to false, allow remote authenticated users to read arbitrary files by overwriting an instance disk with a crafted image and requesti
- CVE-2015-5223Oct 26, 2015affected < 2.1.0-11.1fixed 2.1.0-11.1
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
- CVE-2015-3646May 12, 2015affected < 2.1.0-14.1fixed 2.1.0-14.1
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.
- CVE-2015-1856Apr 17, 2015affected < 2.1.0-11.1fixed 2.1.0-11.1
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
- CVE-2014-7960Oct 17, 2014affected < 2.1.0-11.1fixed 2.1.0-11.1
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.