Launchpad.net

CVE 2014-0006

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

Related bugs and status

CVE-2014-0006 (Candidate) is related to these bugs:

Bug #1265665: [OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)

		In	Importance	Status
1265665	[OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)	OpenStack Object Storage (swift)	Undecided	Fix Released
1265665	[OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)	OpenStack Security Advisory	Medium	Fix Released
1265665	[OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)	OpenStack Object Storage (swift) grizzly	Undecided	Fix Committed
1265665	[OSSA 2014-002] Possible timing attack against tempurl (CVE-2014-0006)	OpenStack Object Storage (swift) havana	Undecided	Fix Committed

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-0006

Related bugs and status

Related bugs

References