CVE-2015-5271
HIGH7.5EPSS 0.34%TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
Published: 5/17/2022Modified: 11/18/2024
Description
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
Affected packages (2)
- PyPI/tripleo-heat-templatesfrom 0, < 0.8.7
- PyPI/tripleo-heat-templatesfrom 0, < 0.8.7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References (10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5271
- PATCHhttps://git.openstack.org/cgit/openstack/tripleo-heat-templates
- WEBhttps://access.redhat.com/errata/RHSA-2015:1862
- WEBhttps://access.redhat.com/security/cve/CVE-2015-5271
- WEBhttps://bugs.launchpad.net/tripleo/+bug/1494896
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1261697
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml
- WEBhttps://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476
- WEBhttps://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
- WEBhttps://review.openstack.org/226541