Timing Attack Vulnerability in OpenStack Object Storage by OpenStack
CVE-2014-0006

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
23 January 2014

Summary

The TempURL middleware in OpenStack Object Storage (Swift) versions 1.4.6 to 1.8.0 and 1.9.0 to 1.11.0 is affected by a timing attack vulnerability. This issue allows remote attackers to exploit timing discrepancies to obtain secret URLs by leveraging the names of the objects stored in the system. As a result, unauthorized access to sensitive resources may be facilitated, leading to potential data exposure.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.