Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2015:1862
HistoryOct 08, 2015 - 11:48 a.m.

(RHSA-2015:1862) Moderate: Red Hat Enterprise Linux OpenStack Platform 7 director update

2015-10-0811:48:53
access.redhat.com
14

EPSS

0.003

Percentile

71.5%

JSON

Red Hat Enterprise Linux OpenStack Platform director provides the
facilities for deploying and monitoring a private or public
infrastructure-as-a-service (IaaS) cloud based on Red Hat Enterprise Linux
OpenStack Platform.

A flaw was discovered in the pipeline ordering of OpenStack Object
Storage’s staticweb middleware in the swiftproxy configuration generated
from the openstack-tripleo-heat-templates package (OpenStack director).
The staticweb middleware was incorrectly configured before the Identity
Service, and under some conditions an attacker could use this flaw to gain
unauthenticated access to private data. (CVE-2015-5271)

This issue was discovered by Christian Schwede and Emilien Macchi of
Red Hat.

This update also fixes numerous bugs and adds various enhancements.
Space precludes documenting all of these changes in this advisory.
Users are directed to the Red Hat Enterprise Linux OpenStack Platform 7
Release Notes, linked to in the References section, for information on the
most significant of these changes.

All Red Hat Enterprise Linux OpenStack Platform 7.0 director users are
advised to upgrade to these updated packages, which correct these issues
and add these enhancements.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchopenstack-ironic-discoverd< 1.1.0-6.el7ostopenstack-ironic-discoverd-1.1.0-6.el7ost.noarch.rpm
RedHat7noarchpython-rdomanager-oscplugin< 0.0.10-8.el7ostpython-rdomanager-oscplugin-0.0.10-8.el7ost.noarch.rpm
RedHat7srcpython-hardware< 0.14-7.el7ostpython-hardware-0.14-7.el7ost.src.rpm
RedHat7noarchahc-tools< 0.1.1-6.el7ostahc-tools-0.1.1-6.el7ost.noarch.rpm
RedHat7srcpython-proliantutils< 2.1.0-4.el7ostpython-proliantutils-2.1.0-4.el7ost.src.rpm
RedHat7srcopenstack-tripleo-puppet-elements< 0.0.1-5.el7ostopenstack-tripleo-puppet-elements-0.0.1-5.el7ost.src.rpm
RedHat7noarchopenstack-tripleo-puppet-elements< 0.0.1-5.el7ostopenstack-tripleo-puppet-elements-0.0.1-5.el7ost.noarch.rpm
RedHat7noarchopenstack-tuskar-ui< 0.4.0-3.el7ostopenstack-tuskar-ui-0.4.0-3.el7ost.noarch.rpm
RedHat7noarchopenstack-tuskar< 0.4.18-4.el7ostopenstack-tuskar-0.4.18-4.el7ost.noarch.rpm
RedHat7noarchos-cloud-config< 0.2.8-7.el7ostos-cloud-config-0.2.8-7.el7ost.noarch.rpm
Rows per page:
1-10 of 311

Related

osv 2
cvelist 1
github 1
nvd 1
veracode 1
cve 1
ubuntucve 1
prion 1
osv
osv
PYSEC-2016-34
2016-04-15 17:59:00
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
2022-05-17 03:56:29
cvelist
cvelist
CVE-2015-5271
2016-04-15 17:00:00
github
github
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
2022-05-17 03:56:29
nvd
nvd
CVE-2015-5271
2016-04-15 17:59:00
veracode
veracode
Unauthenticated Access To Private Data
2019-01-15 09:07:52
cve
cve
CVE-2015-5271
2016-04-15 17:59:00
ubuntucve
ubuntucve
CVE-2015-5271
2016-04-15 00:00:00
prion
prion
Information disclosure
2016-04-15 17:59:00

EPSS

0.003

Percentile

71.5%

JSON
Related for RHSA-2015:1862
osv2cvelist1github1nvd1veracode1cve1ubuntucve1prion1