Bug 1255622 (CVE-2015-5223)
Summary: | CVE-2015-5223 openstack-swift: Information leak via Swift tempurls | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris>
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA | QA Contact: |
Severity: | medium | Docs Contact: |
Priority: | medium | |
Version: | unspecified | CC: | aavati, abaron, aortega, apevec, ayoung, chrisw, dallan, derekh, gkotton, gmollett, lhh, lpeer, markmc, nlevinki, rbryant, rfortier, rhs-bugs, sankarshan, sclewis, security-response-team, sgirijan, sisharma, slong, smohan, srevivo, ssaha, tdecacqu, vbellur, zaitcev
Target Milestone: | --- | Keywords: | Reopened, Security
Target Release: | --- | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Fixed In Version: | | Doc Type: | Bug Fix
Doc Text: | A flaw was discovered in the OpenStack Object Storage service (swift) TempURLs. An attacker in possession of a TempURL key with PUT permissions could gain read access to other objects in the same project (tenant). | |
Story Points: | --- | |
Clone Of: | | Environment: |
Last Closed: | 2017-03-23 06:31:32 UTC | Type: | ---
Regression: | --- | Mount Type: | ---
Documentation: | --- | CRM: |
Verified Versions: | | Category: | ---
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: |
Cloudforms Team: | --- | Target Upstream Version: |
Embargoed: | | |
Bug Depends On: | 1263018, 1264282, 1264283, 1264284, 1264285, 1264286 | |
Bug Blocks: | 1255631 | |
Description
Adam Mariš
2015-08-21 08:16:52 UTC
Acknowledgements: Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Richard Hawkins of Rackspace and the Swift core reviewers as the original reporters of this issue.

Public via: http://seclists.org/oss-sec/2015/q3/442

Created openstack-swift tracking bugs for this issue:
Affects: fedora-all [bug 1264282]
Affects: openstack-rdo [bug 1264286]

This issue has been addressed in the following products:
OpenStack 6 for RHEL 7
OpenStack 7 For RHEL 7
OpenStack 5 for RHEL 6
OpenStack 5 for RHEL 7
Via RHSA-2015:1895 https://rhn.redhat.com/errata/RHSA-2015-1895.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 6
Via RHSA-2016:0329 https://rhn.redhat.com/errata/RHSA-2016-0329.html

This issue has been addressed in the following products:
Red Hat Gluster Storage 3.1 for RHEL 7
Via RHSA-2016:0328 https://rhn.redhat.com/errata/RHSA-2016-0328.html