CVE-2015-5271

Sažetak

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

Reference

https://access.redhat.com/errata/RHSA-2015:1862
https://bugs.launchpad.net/tripleo/+bug/1494896
https://bugzilla.redhat.com/show_bug.cgi?id=1261697
https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 00:52

Objavljeno

15-04-2016 - 17:59