Information Disclosure Vulnerability in OpenStack Object Storage by OpenStack
CVE-2015-5223
Currently unrated
Summary
OpenStack Object Storage (Swift) versions prior to 2.4.0 are vulnerable to an information disclosure flaw that could allow attackers to gain unauthorized access to sensitive information. This vulnerability specifically arises when a PUT tempurl is executed alongside a DLO object manifest that points to an object stored in a different container. As a result, the attacker could potentially retrieve confidential data that should have been protected, highlighting the need for timely updates to safeguard against such exposures.
References
Timeline
Vulnerability published
Vulnerability Reserved