CVE-2015-5223

Severity: 5.0 MEDIUM
EPSS: 1.1% (top 21.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Oct 26
Latest update: May 14

Description

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (4 packages)

NVD: openstack/swift 2.3.0
PyPI: swift < 2.4.0
Debian: swift < 2.4.0-1+3
Ubuntu: swift < 1.13.1-0ubuntu1.5

🔴 Vulnerability Details (5)

GHSA: OpenStack Object Storage (Swift) Sensitive Data Exposure (2022-05-14)
OSV: OpenStack Object Storage (Swift) Sensitive Data Exposure (2022-05-14)
OSV: swift vulnerabilities (2017-10-11)
OSV: CVE-2015-5223: OpenStack Object Storage (Swift) before 2 (2015-10-26)
CVEList: CVE-2015-5223: OpenStack Object Storage (Swift) before 2 (2015-10-26)

💥 Exploits & PoCs (2)

Exploit-DB: D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting (2015-05-11)
Exploit-DB: D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting (2015-05-11)

📋 Vendor Advisories (3)

Ubuntu: OpenStack Swift vulnerabilities (2017-10-11)
Red Hat: openstack-swift: Information leak via Swift tempurls (2015-08-26)
Debian: CVE-2015-5223: swift - OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensiti... (2015)

💬 Community (3)

Bugzilla: CVE-2015-5223 openstack-swift: Information leak via Swift tempurls [fedora-all] (2015-09-18)
Bugzilla: CVE-2015-6748 jsoup: XSS vulnerability related to incomplete tags at EOF (2015-08-31)
Bugzilla: CVE-2015-5223 openstack-swift: Information leak via Swift tempurls (2015-08-21)
CVE-2015-5223 (MEDIUM CVSS 5) | OpenStack Object Storage (Swift) be | cvebase.io