OSSA-2014-034: Swift metadata constraints are not correctly enforced

OSSA-2014-034: Swift metadata constraints are not correctly enforced¶

Date:: October 09, 2014
CVE:: CVE-2014-7960

Affects¶

Swift: up to 2.1.0

Description¶

Rajaneesh Singh reported a vulnerability in the way Swift enforces metadata constraints. By adding metadata in several separate calls, an authenticated attacker can bypass the max_meta_count constraint, potentially resulting in the storage of more metadata than allowed in configuration.

Patches¶

https://review.openstack.org/126645 (Icehouse)
https://review.openstack.org/125360 (Juno)

Credits¶

Rajaneesh Singh (CVE-2014-7960)

References¶

this page last updated: 2024-03-18 15:52:07

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.