CVE-2015-5271Sensitive Information Exposure in Redhat Openstack

CWE-200Sensitive Information ExposureCWE-285Improper Authorization8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openstack
Timeline
PublishedApr 15
Latest updateMay 17

Description

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

4
OSV
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers2022-05-17
GHSA
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers2022-05-17
CVEList
CVE-2015-5271: The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift)2016-04-15
OSV
CVE-2015-5271: The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift)2016-04-15

📋Vendor Advisories

1
Red Hat
openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware2015-09-22

💬Community

2
Bugzilla
CVE-2015-5271 openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware [fedora-all]2015-10-19
Bugzilla
CVE-2015-5271 openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware2015-09-10
CVE-2015-5271 — Sensitive Information Exposure | cvebase