Timing Attack Vulnerability in OpenStack Object Storage by OpenStack
CVE-2014-0006

Currently unrated

Key Information:

Vendor

Openstack
Status
Swift
Vendor
CVE Published:
23 January 2014

What is CVE-2014-0006?

The TempURL middleware in OpenStack Object Storage (Swift) versions 1.4.6 to 1.8.0 and 1.9.0 to 1.11.0 is affected by a timing attack vulnerability. This issue allows remote attackers to exploit timing discrepancies to obtain secret URLs by leveraging the names of the objects stored in the system. As a result, unauthorized access to sensitive resources may be facilitated, leading to potential data exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2014-0232.html
vendor-advisoryx_refsource_REDHAT
https://bugs.launchpad.net/swift/+bug/1265665
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2014/01/17/5
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.