PT-2016-3678 · Openstack · Tripleo-Heat-Templates

Christian Schwede

Publicado

2016-04-15

Atualizado

2023-02-13

CVE-2015-5271

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions tripleo-heat-templates (affected versions not specified)

Description The issue is related to the improper ordering of the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled. This might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2015-5271

GHSA-8936-44GW-7664

PYSEC-2016-34

RHSA-2015:1862

Produtos afetados

Tripleo-Heat-Templates

PT-2016-3678 · Openstack · Tripleo-Heat-Templates

CVE-2015-5271

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15