Back to search
CVE-2015-5271
Published: Apr 15, 2016
Modified: Aug 6, 2024
PUBLISHED
Description
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2015:1862
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=1261697
x_refsource_CONFIRM
https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
x_refsource_CONFIRM
https://bugs.launchpad.net/tripleo/+bug/1494896
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now