43 matches found
CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...
CVE-2017-8761
In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...
Information Disclosure
openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
Information Disclosure
openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as the TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing...
USN-3451-1 swift vulnerabilities
It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. CVE-2015-5223 Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly...
CVE-2015-5223
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
CVE-2015-5223
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
Design/Logic Flaw
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
CVE-2015-5223
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
CVE-2015-5223
OpenStack Object Storage (Swift) before 2.4.0 is affected. A flaw in tempurls allows an attacker with a PUT tempurl key to obtain sensitive information by referencing an object in another container, enabling partial information disclosure. Upgrading to Swift 2.4.0+ or applying vendor advisories (...
CVE-2015-5223
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
Ubuntu: Security Advisory (USN-2207-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-2207-1] OpenStack Swift vulnerability
========================================================================== Ubuntu Security Notice USN-2207-1 May 06, 2014 swift vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
Ubuntu 12.04 LTS / 12.10 / 13.10 : swift vulnerability (USN-2207-1)
Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients. Note that Tenable Network...
USN-2207-1: OpenStack Swift vulnerability
Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients...
Swift: TempURL timing attack
The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...
Moderate: Red Hat Security Advisory: openstack-swift security update
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Moderate: Red Hat Security Advisory: openstack-swift security update
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
DEBIAN-CVE-2014-0006
The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...
PYSEC-2014-116
The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...