OSSA-2014-034: Swift metadata constraints are not correctly enforced

OSSA-2014-034: Swift metadata constraints are not correctly enforced

Date

October 09, 2014

CVE

CVE-2014-7960

Affects

  • Swift: up to 2.1.0

Description

Rajaneesh Singh reported a vulnerability in the way Swift enforces metadata constraints. By adding metadata in several separate calls, an authenticated attacker can bypass the max_meta_count constraint, potentially resulting in the storage of more metadata than allowed in configuration.

Credits

  • Rajaneesh Singh (CVE-2014-7960)

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.