tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware
Bug #1494896 reported by
James Slagle
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
High
|
Emilien Macchi |
Bug Description
Christian Schwede and Garth Mollett from Red Hat reported a
vulnerability in tripleo-
is enabled, it is incorrectly configured before the keystone auth
middleware, reporting containers with enabled staticweb listings to
be empty and private while in fact being public accessible. A possible
unrecognized information leak might be the result. All setups configured
with staticweb middleware are affected.
CVE References
Changed in tripleo: | |
status: | New → Confirmed |
summary: |
- openstack-tripleo-heat-templates: unsafe pipeline ordering of swift - staticweb middleware + tripleo-heat-templates: unsafe pipeline ordering of swift staticweb + middleware |
information type: | Private Security → Public Security |
Changed in tripleo: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
In attachment, the patch to apply in master.