oss-sec mailing list archives

CVE request for vulnerability in OpenStack Swift

From: Jeremy Stanley <jeremy () openstack org>
Date: Tue, 7 Oct 2014 21:52:42 +0000

A vulnerability was discovered in OpenStack (see below). In order to
ensure full traceability, we need a CVE number assigned that we can
attach to further notifications. This issue is already public,
although an advisory was not sent yet.

Title: Swift metadata constraints are not correctly enforced
Reporter: Rajaneesh Singh
Products: Swift
Versions: up to 2.1.0

Description:
Rajaneesh Singh reported a vulnerability in Swift enforcement of
metadata contraints. By adding metadata in several separate calls,
an authenticated attacker can bypass the max_meta_count constraint,
potentially resulting in the storage of more metadata than allowed
in configuration.

References:
https://launchpad.net/bugs/1365350

Thanks in advance,

-- 
Jeremy Stanley
OpenStack Vulnerability Management Team

Attachment: signature.asc
Description: Digital signature

Current thread:

CVE request for vulnerability in OpenStack Swift Jeremy Stanley (Oct 07)
- Re: CVE request for vulnerability in OpenStack Swift cve-assign (Oct 08)