关键信息 Title: Swift metadata constraints are not correctly enforced Reporter: Rajaneesh Singh Product: Swift Affected Versions: Up to 2.1.0 Description: - Vulnerability in Swift enforcement of metadata constraints. An authenticated attacker can bypass the max_meta_count constraint by adding metadata in separate calls. - This can lead to storing more metadata than allowed in the configuration. Reference: - Launchpad bug report Date of Discovery: Tue, 7 Oct 2014 Current Status: - Issue is public, but an advisory is not sent yet. Actions Needed: - CVE number required for traceability. Contact: - Jeremy Stanley, OpenStack Vulnerability Management Team