Information disclosure in Openstack Swift

CVE-2015-5223

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

Vulnerability class: Information Disclosure

EPSS: 0.015 (81.2th percentile) — read the EPSS interpretation.

Affected products

Openstack Swift
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

RHSA-2016:0329 (x_refsource_REDHAT, vendor-advisory)
SUSE-SU-2015:1846 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
RHSA-2015:1895 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
84827 (vdb-entry, x_refsource_BID)
secalert@redhat.com (x_refsource_CONFIRM)
[oss-security] 20150826 Subject: [OSSA 2015-016] Information leak via Swift tempurls (CVE-2015-5223) (mailing-list, x_refsource_MLIST)
secalert@redhat.com (x_refsource_CONFIRM)