CVE-2015-5271
Summary
| CVE | CVE-2015-5271 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2016-04-15 17:59:00 UTC |
| Updated | 2023-02-13 00:52:00 UTC |
| Description | The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Openstack | Tripleo Heat Templates | - | All | All | All |
| Application | Openstack | Tripleo Heat Templates | - | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
| Application | Redhat | Openstack | 7.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | access.redhat.com | Vendor Advisory |
| 1261697 – (CVE-2015-5271) CVE-2015-5271 openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware | CONFIRM | bugzilla.redhat.com | |
| launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch | CONFIRM | launchpadlibrarian.net | |
| CVE-2015-5271 - Red Hat Customer Portal | MISC | access.redhat.com | |
| Bug #1494896 “tripleo-heat-templates: unsafe pipeline ordering o...” : Bugs : tripleo | CONFIRM | bugs.launchpad.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.