CVE-2014-0006

CWE-200Information Exposure12 documents8 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 37.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Swift
Timeline
PublishedJan 23
Latest updateMay 17

Description

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDopenstack/swift16 versions+15
PyPIswift1.11.01.12.0+2
Debianswift< 1.11.0-2+3

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

4
GHSA
OpenStack Swift Discloses Secret URLs to Timing Attack2022-05-17
OSV
OpenStack Swift Discloses Secret URLs to Timing Attack2022-05-17
CVEList
CVE-2014-0006: The TempURL middleware in OpenStack Object Storage (Swift) 12014-01-23
OSV
CVE-2014-0006: The TempURL middleware in OpenStack Object Storage (Swift) 12014-01-23

📋Vendor Advisories

3
Ubuntu
OpenStack Swift vulnerability2014-05-06
Red Hat
Swift: TempURL timing attack2014-01-16
Debian
CVE-2014-0006: swift - The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, ...2014

💬Community

4
Bugzilla
CVE-2014-8094 xorg-x11-server: integer overflow in DRI2 extension function ProcDRI2GetBuffers()2014-11-27
Bugzilla
CVE-2014-0006 openstack-swift: Openstack Swift: TempURL timing attack [fedora-all]2014-01-17
Bugzilla
CVE-2014-0006 openstack-swift: Openstack Swift: TempURL timing attack [epel-6]2014-01-17
Bugzilla
CVE-2014-0006 Openstack Swift: TempURL timing attack2014-01-10
CVE-2014-0006 (MEDIUM CVSS 4.3) | The TempURL middleware in OpenStack | cvebase.io