Information Disclosure Vulnerability in OpenStack Object Storage by OpenStack
CVE-2015-5223

Currently unrated

Key Information:

Vendor
Openstack
Status
Swift
Vendor
CVE Published:
26 October 2015

Summary

OpenStack Object Storage (Swift) versions prior to 2.4.0 are vulnerable to an information disclosure flaw that could allow attackers to gain unauthorized access to sensitive information. This vulnerability specifically arises when a PUT tempurl is executed alongside a DLO object manifest that points to an object stored in a different container. As a result, the attacker could potentially retrieve confidential data that should have been protected, highlighting the need for timely updates to safeguard against such exposures.

References

http://rhn.redhat.com/errata/RHSA-2016-0329.html
vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2015...
vendor-advisoryx_refsource_SUSE
https://security.openstack.org/ossa/OSSA-2015-016.html
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.