Red Hat Bugzilla – Bug 1261697
CVE-2015-5271 openstack-tripleo-heat-templates: unsafe pipeline ordering of swift staticweb middleware
Last modified: 2016-04-26 09:31:43 EDT
A flaw was discovered in the pipeline ordering of the swift staticweb middleware in the swiftproxy config generated from the openstack-tripleo-heat-templates. The staticweb middleware was incorrectly configured before keystone and under some conditions may allow unauthenticated access to private data.
This issue was discovered by Christian Schwede and Emilien Macchi of Red Hat.
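A check for the ordering problem described above, added here as an example; it is not code from this bug report or from openstack-tripleo-heat-templates. The two sample configs are constructed, and the set of substrings used to recognize auth middleware is an assumption to adjust for the deployment being audited.

```python
import configparser

# Substrings that identify auth middleware in a filter's entry point (assumed set).
AUTH_MARKERS = ("keystoneauth", "auth_token", "authtoken", "tempauth")

# Constructed sample configs, not taken from the affected templates.
UNSAFE_CONF = """
[pipeline:main]
pipeline = catch_errors healthcheck cache staticweb authtoken keystone proxy-logging proxy-server

[filter:staticweb]
use = egg:swift#staticweb

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

[filter:keystone]
use = egg:swift#keystoneauth
"""
SAFE_CONF = UNSAFE_CONF.replace("staticweb authtoken keystone", "authtoken keystone staticweb")


def entry_point(parser, name):
    """Resolve a pipeline alias to its entry point, falling back to the alias."""
    section = f"filter:{name}"
    if not parser.has_section(section):
        return name
    return parser.get(section, "use", fallback=None) or parser.get(
        section, "paste.filter_factory", fallback=name)


def staticweb_findings(conf_text):
    """Return ordering problems; an empty list means staticweb sits after auth."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    names = parser.get("pipeline:main", "pipeline").split()
    targets = [entry_point(parser, n) for n in names]
    web = [i for i, t in enumerate(targets) if "staticweb" in t]
    auth = [i for i, t in enumerate(targets) if any(m in t for m in AUTH_MARKERS)]
    if not web:
        return []
    if not auth:
        return ["staticweb enabled with no auth filter in the pipeline"]
    return [f"staticweb precedes auth filter '{names[i]}'" for i in auth if i > web[0]]


if __name__ == "__main__":
    for label, conf in (("unsafe", UNSAFE_CONF), ("safe", SAFE_CONF)):
        print(label, staticweb_findings(conf) or "ok")
```

Resolving each alias through its `[filter:...]` section matters because pipeline names are arbitrary labels; the check keys on the entry point rather than on the label.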
*** Bug 1261499 has been marked as a duplicate of this bug. ***
This issue has been addressed in the following products:
OpenStack 7.0 Director/Manager for RHEL 7
Via RHSA-2015:1862 https://access.redhat.com/errata/RHSA-2015:1862
Created openstack-tripleo-heat-templates tracking bugs for this issue:
Affects: fedora-all [bug 1272860]