Information Disclosure Vulnerability in OpenStack Object Storage by OpenStack
CVE-2015-5223

Currently unrated

Key Information:

Vendor
Openstack
Status
Vendor
CVE Published:
26 October 2015

Summary

OpenStack Object Storage (Swift) versions prior to 2.4.0 are vulnerable to an information disclosure flaw that could allow attackers to gain unauthorized access to sensitive information. This vulnerability specifically arises when a PUT tempurl is executed alongside a DLO object manifest that points to an object stored in a different container. As a result, the attacker could potentially retrieve confidential data that should have been protected, highlighting the need for timely updates to safeguard against such exposures.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.