Remote authenticated users can delete latest version of object in OpenStack Object Storage (Swift) before 2.3.0

Remote authenticated users can delete latest version of object in OpenStack Object Storage (Swift) before 2.3.0

CVE-2015-1856 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:P

OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

Learn more about our User Device Pen Test.