CVE 2015-5223
OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.
Related bugs and status
CVE-2015-5223 (Candidate) is related to these bugs:
Bug #1449212: Container level temp URLs can unintentionally leak data.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1449212 | Container level temp URLs can unintentionally leak data. | OpenStack Object Storage (swift) | Critical | Fix Released | ||
| 1449212 | Container level temp URLs can unintentionally leak data. | OpenStack Security Advisory | Medium | Fix Released | ||
| 1449212 | Container level temp URLs can unintentionally leak data. | OpenStack Object Storage (swift) kilo | Undecided | Fix Committed | ||
Bug #1453807: Post (not as copy) to SLO manifest destroys its state as a manifest
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1453807 | Post (not as copy) to SLO manifest destroys its state as a manifest | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1453948: [OSSA 2015-016] all PUT tempurls leak existence via DLO manifest attack (CVE-2015-5223)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1453948 | [OSSA 2015-016] all PUT tempurls leak existence via DLO manifest attack (CVE-2015-5223) | OpenStack Object Storage (swift) | Critical | Fix Released | ||
| 1453948 | [OSSA 2015-016] all PUT tempurls leak existence via DLO manifest attack (CVE-2015-5223) | OpenStack Security Advisory | Medium | Fix Released | ||
Bug #1457262: handoffs_first should log warning
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1457262 | handoffs_first should log warning | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1457691: node timeout on overwrite can easily cause mis-matched etag fragment to 503
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1457691 | node timeout on overwrite can easily cause mis-matched etag fragment to 503 | OpenStack Object Storage (swift) | High | Fix Released | ||
Bug #1467677: Server side copy with Single Ranged read not working with Erasure Coded Data
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1467677 | Server side copy with Single Ranged read not working with Erasure Coded Data | OpenStack Object Storage (swift) | Critical | Fix Released | ||
Bug #1468120: disparsion-reports fails by HTTP_Error
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1468120 | disparsion-reports fails by HTTP_Error | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1468298: Reconstructor remaining time is incorrect, because total jobs number is increase continually
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1468298 | Reconstructor remaining time is incorrect, because total jobs number is increase continually | OpenStack Object Storage (swift) | Low | Fix Released | ||
Bug #1468374: swift dispersion does not support keystone auth v3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1468374 | swift dispersion does not support keystone auth v3 | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1469951: swift-object-info uses wrong policy for calculating while no full data path in the coomand
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1469951 | swift-object-info uses wrong policy for calculating while no full data path in the coomand | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1470576: mount_check does not prevent writing to root mount
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1470576 | mount_check does not prevent writing to root mount | OpenStack Object Storage (swift) | Medium | Fix Released | ||
Bug #1472201: EC GET makes a "Client disconnected on read" warning
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1472201 | EC GET makes a "Client disconnected on read" warning | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1475499: EC: proxy server returns wrong response on range GET
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1475499 | EC: proxy server returns wrong response on range GET | OpenStack Object Storage (swift) | Medium | Fix Released | ||
Bug #1476623: Excessive resource consumption looking for containers to sync
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1476623 | Excessive resource consumption looking for containers to sync | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1477283: project_id and user_id are empty in ceilometer storage.objects.outgoing.bytes for dlo objects
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1477283 | project_id and user_id are empty in ceilometer storage.objects.outgoing.bytes for dlo objects | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1477877: Fix six typos on swift documentation
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1477877 | Fix six typos on swift documentation | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1479972: HUP signal doesn't shutdown wsgi servers
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1479972 | HUP signal doesn't shutdown wsgi servers | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1481623: Shebang of several commands is "#!/usr/bin/python"
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1481623 | Shebang of several commands is "#!/usr/bin/python" | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1482096: swift-ring-builder sometimes uses .builder file when given .ring.gz and vice versa
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1482096 | swift-ring-builder sometimes uses .builder file when given .ring.gz and vice versa | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1483705: testCopyDestinationSlashProblems functional test fails
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1483705 | testCopyDestinationSlashProblems functional test fails | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1484565: "Quorum" on durable response is too low
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1484565 | "Quorum" on durable response is too low | OpenStack Object Storage (swift) | Undecided | Fix Released | ||
Bug #1487450: Information leak via Swift tempurls (CVE-2015-5223)
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1487450 | Information leak via Swift tempurls (CVE-2015-5223) | Mirantis OpenStack | High | Fix Released | ||
| 1487450 | Information leak via Swift tempurls (CVE-2015-5223) | Mirantis OpenStack 6.1.x | High | Fix Released | ||
| 1487450 | Information leak via Swift tempurls (CVE-2015-5223) | Mirantis OpenStack 7.0.x | High | Fix Released | ||
| 1487450 | Information leak via Swift tempurls (CVE-2015-5223) | Mirantis OpenStack 8.0.x | High | Fix Released | ||
| 1487450 | Information leak via Swift tempurls (CVE-2015-5223) | Mirantis OpenStack 6.0.x | High | Fix Released | ||
| 1487450 | Information leak via Swift tempurls (CVE-2015-5223) | Mirantis OpenStack 5.1.x | High | Fix Released | ||
Bug #1489587: Reconstruction error
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1489587 | Reconstruction error | OpenStack Object Storage (swift) | Medium | Fix Released | ||
Bug #1493303: [OSSA 2016-004] Swift proxy memory leak on unfinished read (CVE-2016-0738)
See the 
CVE page on Mitre.org
for more details.
