Information Disclosure Vulnerability in OpenStack Object Storage by OpenStack
CVE-2015-5223

Currently unrated

Key Information:

Vendor: Openstack
Status: Swift
Vendor: CVE Published:; 26 October 2015

Summary

OpenStack Object Storage (Swift) versions prior to 2.4.0 are vulnerable to an information disclosure flaw that could allow attackers to gain unauthorized access to sensitive information. This vulnerability specifically arises when a PUT tempurl is executed alongside a DLO object manifest that points to an object stored in a different container. As a result, the attacker could potentially retrieve confidential data that should have been protected, highlighting the need for timely updates to safeguard against such exposures.

References

http://rhn.redhat.com/errata/RHSA-2016-0329.html

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://security.openstack.org/ossa/OSSA-2015-016.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Jul 1, 2015