{ "threat_severity" : "Moderate", "public_date" : "2015-04-15T00:00:00Z", "bugzilla" : { "description" : "Swift: unauthorized deletion of versioned Swift object", "id" : "1209994", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1209994" }, "cvss" : { "cvss_base_score" : "3.5", "cvss_scoring_vector" : "AV:N/AC:M/Au:S/C:N/I:N/A:P", "status" : "verified" }, "details" : [ "OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.", "A flaw was found in OpenStack Object Storage that could allow an authenticated user to delete the most recent version of a versioned object regardless of ownership. To exploit this flaw, an attacker must know the name of the object and have listing access to the x-versions-location container." ], "acknowledgement" : "Red Hat would like to thank OpenStack project for reporting this issue. Upstream acknowledges Clay Gerrard (SwiftStack) as the original reporter.", "affected_release" : [ { "product_name" : "Native Client for RHEL 6 for Red Hat Storage", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3:client:el6", "package" : "glusterfs-0:3.7.1-16.el6" }, { "product_name" : "Native Client for RHEL 7 for Red Hat Storage", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3:client:el7", "package" : "glusterfs-0:3.7.1-16.el7" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date" : "2015-08-25T00:00:00Z", "advisory" : "RHSA-2015:1684", "cpe" : "cpe:/a:redhat:openstack:5::el6", "package" : "openstack-swift-0:1.13.1-6.el6ost" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7", "release_date" : "2015-08-25T00:00:00Z", "advisory" : "RHSA-2015:1684", "cpe" : "cpe:/a:redhat:openstack:5::el7", "package" : "openstack-swift-0:1.13.1-5.el7ost" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7", "release_date" : "2015-08-24T00:00:00Z", "advisory" : "RHSA-2015:1681", "cpe" : "cpe:/a:redhat:openstack:6::el7", "package" : "openstack-swift-0:2.2.0-4.el7ost" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "gdeploy-0:1.0-12.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "glusterfs-0:3.7.1-16.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "gluster-nagios-addons-0:0.2.5-1.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "gluster-nagios-common-0:0.2.2-1.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "gstatus-0:0.65-1.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "nagios-server-addons-0:0.2.2-1.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "nfs-ganesha-0:2.2.0-9.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "openstack-swift-0:1.13.1-6.el6ost" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "redhat-storage-server-0:3.1.1.0-2.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "swiftonfile-0:1.13.1-5.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 6", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1845", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el6", "package" : "vdsm-0:4.16.20-1.3.el6rhs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "gdeploy-0:1.0-12.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "glusterfs-0:3.7.1-16.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "gluster-nagios-addons-0:0.2.5-1.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "gluster-nagios-common-0:0.2.2-1.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "gstatus-0:0.65-1.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "nagios-server-addons-0:0.2.2-1.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "nfs-ganesha-0:2.2.0-9.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "openstack-swift-0:1.13.1-6.el7ost" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "redhat-storage-server-0:3.1.1.0-2.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "swiftonfile-0:1.13.1-5.el7rhgs" }, { "product_name" : "Red Hat Gluster Storage 3.1 for RHEL 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/a:redhat:storage:3.1:nfs:el7", "package" : "vdsm-0:4.16.20-1.3.el7rhgs" }, { "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date" : "2015-10-05T00:00:00Z", "advisory" : "RHSA-2015:1846", "cpe" : "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package" : "glusterfs-0:3.7.1-16.el7" } ], "package_state" : [ { "product_name" : "Red Hat OpenStack Platform 4", "fix_state" : "Will not fix", "package_name" : "openstack-swift", "cpe" : "cpe:/a:redhat:openstack:4" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1856\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1856" ], "name" : "CVE-2015-1856", "csaw" : false }