Information Disclosure

2019-01-1509:07:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

openstack-swift is vulnerable to information disclosure attacks. The vulnerability exists as OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

CPENameOperatorVersion
openstack-swifteq1.13.1__4.el6ost
openstack-swifteq1.13.1__2.el7ost
openstack-swifteq1.13.1__7.el7ost
openstack-swifteq1.13.1__4.el7ost
openstack-swifteq1.4.8__4.el6
openstack-swifteq2.2.0__2.el7ost
openstack-swifteq1.8.0__2.el6ost
openstack-swifteq2.2.0__4.el7ost
openstack-swifteq1.8.0__8.el6ost
openstack-swifteq1.7.4__11.el6ost

Name	Operator	Version
openstack-swift	eq	1.13.1__4.el6ost
openstack-swift	eq	1.13.1__2.el7ost
openstack-swift	eq	1.13.1__7.el7ost
openstack-swift	eq	1.13.1__4.el7ost
openstack-swift	eq	1.4.8__4.el6
openstack-swift	eq	2.2.0__2.el7ost
openstack-swift	eq	1.8.0__2.el6ost
openstack-swift	eq	2.2.0__4.el7ost
openstack-swift	eq	1.8.0__8.el6ost
openstack-swift	eq	1.7.4__11.el6ost