Information leak via Swift tempurls (CVE-2015-5223)
Bug #1487450 reported by Alexey Khivin
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mirantis OpenStack | Fix Released | High | Alexey Khivin |
5.1.x | Fix Released | High | Denis Meltsaykin |
6.0.x | Fix Released | High | Alexey Khivin |
6.1.x | Fix Released | High | Alexey Khivin |
7.0.x | Fix Released | High | Alexey Khivin |
8.0.x | Fix Released | High | Alexey Khivin |
Bug Description
Richard Hawkins from Rackspace and Swift core reviewers reported a
vulnerability in Swift tempurls. When in possession of a tempurl key
authorized for PUT, a malicious actor may retrieve other objects in the
same Swift account (tenant). All Swift setups are affected.
CVE References
tags: | added: swift |
summary: |
- Vulnerability in OpenStack Swift (CVE-2015-5223)
+ Information leak via Swift tempurls (CVE-2015-5223) |
tags: | added: 6.0 release-notes-done |
information type: | Private Security → Public Security |
tags: | added: area-swift removed: swift |
tags: | added: feature-security |
fix for 8.0 branch should be merged from upstream