The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
References
Configurations
History
13 Feb 2023, 00:52
Type | Values Removed | Values Added |
---|---|---|
Summary | The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. | |
References |
|
02 Feb 2023, 16:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was discovered in the pipeline ordering of OpenStack Object Storage's staticweb middleware in the swiftproxy configuration generated from the openstack-tripleo-heat-templates package (OpenStack director). The staticweb middleware was incorrectly configured before the Identity Service, and under some conditions an attacker could use this flaw to gain unauthenticated access to private data. |
Information
Published : 2016-04-15 17:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-5271
Mitre link : CVE-2015-5271
CVE.ORG link : CVE-2015-5271
JSON object : View
Products Affected
openstack
- tripleo_heat_templates
redhat
- openstack
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor