Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2015-5223

Опубликовано: 26 авг. 2015
Источник: redhat
CVSS2: 4.3

Описание

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

A flaw was discovered in the OpenStack Object Storage service (swift) TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project (tenant).

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Gluster Storage 3.1swiftonfileNot affected
Red Hat Storage 2.1gluster-swiftWill not fix
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6openstack-swiftFixedRHSA-2015:189515.10.2015
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 7openstack-swiftFixedRHSA-2015:189515.10.2015
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7openstack-swiftFixedRHSA-2015:189515.10.2015
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7openstack-swiftFixedRHSA-2015:189515.10.2015
Red Hat Gluster Storage 3.1 for RHEL 6openstack-swiftFixedRHSA-2016:032901.03.2016
Red Hat Gluster Storage 3.1 for RHEL 7openstack-swiftFixedRHSA-2016:032801.03.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1255622openstack-swift: Information leak via Swift tempurls

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2015-5223

ubuntu
больше 10 лет назад

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

nvd логотип

CVE-2015-5223

nvd
больше 10 лет назад

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

debian логотип

CVE-2015-5223

debian
больше 10 лет назад

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obta ...

github логотип

GHSA-q45h-chc8-hvp6

github
больше 3 лет назад

OpenStack Object Storage (Swift) Sensitive Data Exposure

4.3 Medium

CVSS2