Timing Attack Vulnerability in OpenStack Object Storage by OpenStack
CVE-2014-0006
Currently unrated
Summary
The TempURL middleware in OpenStack Object Storage (Swift) versions 1.4.6 to 1.8.0 and 1.9.0 to 1.11.0 is affected by a timing attack vulnerability. This issue allows remote attackers to exploit timing discrepancies to obtain secret URLs by leveraging the names of the objects stored in the system. As a result, unauthorized access to sensitive resources may be facilitated, leading to potential data exposure.
References
Timeline
Vulnerability published
Vulnerability Reserved