oss-sec mailing list archives
CVE request for vulnerability in OpenStack Swift
From: Jeremy Stanley <jeremy () openstack org>
Date: Tue, 7 Oct 2014 21:52:42 +0000
A vulnerability was discovered in OpenStack (see below). In order to ensure full traceability, we need a CVE number assigned that we can attach to further notifications. This issue is already public, although an advisory was not sent yet. Title: Swift metadata constraints are not correctly enforced Reporter: Rajaneesh Singh Products: Swift Versions: up to 2.1.0 Description: Rajaneesh Singh reported a vulnerability in Swift enforcement of metadata contraints. By adding metadata in several separate calls, an authenticated attacker can bypass the max_meta_count constraint, potentially resulting in the storage of more metadata than allowed in configuration. References: https://launchpad.net/bugs/1365350 Thanks in advance, -- Jeremy Stanley OpenStack Vulnerability Management Team
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request for vulnerability in OpenStack Swift Jeremy Stanley (Oct 07)
- Re: CVE request for vulnerability in OpenStack Swift cve-assign (Oct 08)