Timing Attack Vulnerability in OpenStack Object Storage by OpenStack
CVE-2014-0006

Currently unrated

Key Information:

Vendor: Openstack
Status: Swift
Vendor: CVE Published:; 23 January 2014

Summary

The TempURL middleware in OpenStack Object Storage (Swift) versions 1.4.6 to 1.8.0 and 1.9.0 to 1.11.0 is affected by a timing attack vulnerability. This issue allows remote attackers to exploit timing discrepancies to obtain secret URLs by leveraging the names of the objects stored in the system. As a result, unauthorized access to sensitive resources may be facilitated, leading to potential data exposure.

References

http://rhn.redhat.com/errata/RHSA-2014-0232.html

vendor-advisoryx_refsource_REDHAT

https://bugs.launchpad.net/swift/+bug/1265665

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2014/01/17/5

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Jan 23, 2014
Vulnerability Reserved
Dec 3, 2013