CVE-2015-5271
HIGH7.5EPSS 0.34%TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
發布日:2022/5/17修改日:2024/11/18
描述
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
受影響套件(2)
- PyPI/tripleo-heat-templatesfrom 0, < 0.8.7
- PyPI/tripleo-heat-templatesfrom 0, < 0.8.7
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
參考連結(10)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-5271
- PATCHhttps://git.openstack.org/cgit/openstack/tripleo-heat-templates
- WEBhttps://access.redhat.com/errata/RHSA-2015:1862
- WEBhttps://access.redhat.com/security/cve/CVE-2015-5271
- WEBhttps://bugs.launchpad.net/tripleo/+bug/1494896
- WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1261697
- WEBhttps://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml
- WEBhttps://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476
- WEBhttps://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
- WEBhttps://review.openstack.org/226541