Lucene search
K

43 matches found

Cvelist
Cvelist
added 2021/06/02 1:45 p.m.18 views

CVE-2017-8761

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...

4.4AI score0.00789EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2021/06/02 1:45 p.m.37 views

CVE-2017-8761

In OpenStack Swift through 2.10.1, 2.11.0 through 2.13.0, and 2.14.0, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected...

4.3CVSS4.4AI score0.00789EPSS
Exploits0
Veracode
Veracode
added 2019/01/15 9:7 a.m.27 views

Information Disclosure

openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

5CVSS6.7AI score0.02534EPSS
Exploits0References11Affected Software1
Veracode
Veracode
added 2019/01/15 8:57 a.m.21 views

Information Disclosure

openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as the TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing...

4.3CVSS5.5AI score0.01895EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2017/10/11 12:1 p.m.4 views

USN-3451-1 swift vulnerabilities

It was discovered that OpenStack Swift incorrectly handled tempurls. A remote authenticated user in possession of a tempurl key authorized for PUT could retrieve other objects in the same Swift account. CVE-2015-5223 Romain Le Disez and Örjan Persson discovered that OpenStack Swift incorrectly...

7.5CVSS7.1AI score0.0382EPSS
Exploits0References4
OSV
OSV
added 2015/10/26 5:59 p.m.11 views

CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

7.1AI score
Exploits0References9
NVD
NVD
added 2015/10/26 5:59 p.m.39 views

CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

5CVSS7.1AI score0.02534EPSS
Exploits0References9
Prion
Prion
added 2015/10/26 5:59 p.m.19 views

Design/Logic Flaw

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

5CVSS6.2AI score0.02534EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2015/10/26 5:0 p.m.48 views

CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

7.1AI score0.02534EPSS
Exploits0References9
CVE
CVE
added 2015/10/26 5:0 p.m.83 views

CVE-2015-5223

OpenStack Object Storage (Swift) before 2.4.0 is affected. A flaw in tempurls allows an attacker with a PUT tempurl key to obtain sensitive information by referencing an object in another container, enabling partial information disclosure. Upgrading to Swift 2.4.0+ or applying vendor advisories (...

5CVSS7AI score0.02534EPSS
Exploits0References9Affected Software1
UbuntuCve
UbuntuCve
added 2015/10/26 12:0 a.m.27 views

CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

5CVSS7.1AI score0.02534EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/05/12 12:0 a.m.22 views

Ubuntu: Security Advisory (USN-2207-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.01895EPSS
Exploits0References2
securityvulns
securityvulns
added 2014/05/07 12:0 a.m.79 views

[USN-2207-1] OpenStack Swift vulnerability

========================================================================== Ubuntu Security Notice USN-2207-1 May 06, 2014 swift vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

4.3CVSS0.8AI score0.01895EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/05/07 12:0 a.m.28 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : swift vulnerability (USN-2207-1)

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients. Note that Tenable Network...

4.3CVSS5.4AI score0.01895EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2014/05/06 8:5 p.m.50 views

USN-2207-1: OpenStack Swift vulnerability

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients...

4.3CVSS5.3AI score0.01895EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2014/04/03 8:18 p.m.5 views

Swift: TempURL timing attack

The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...

4.3CVSS5.9AI score0.01895EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/04/03 8:18 p.m.28 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

4.3CVSS5.8AI score0.01895EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/03/04 7:11 p.m.35 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

4.3CVSS5.8AI score0.01895EPSS
Exploits0References2
OSV
OSV
added 2014/01/23 1:55 a.m.4 views

DEBIAN-CVE-2014-0006

The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...

4.3CVSS6.9AI score0.01895EPSS
Exploits0References1
OSV
OSV
added 2014/01/23 1:55 a.m.7 views

PYSEC-2014-116

The TempURL middleware in OpenStack Object Storage Swift 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...

4.3CVSS6.2AI score0.01895EPSS
Exploits0References3
Rows per page
Query Builder