CVE-2014-0006

Currently unrated

Key Information:

Vendor: Openstack
Status: Swift
Vendor: CVE Published:; 23 January 2014

Summary

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

References

http://rhn.redhat.com/errata/RHSA-2014-0232.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/swift/+bug/1265665

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/01/17/5

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jan 23, 2014
Vulnerability Reserved
Dec 3, 2013