CVE-2015-5223

Published: Oct 26, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

Affected (1)

Products: Openstack: Swift

Openstack

1 product

Swift

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Swift	Up to 2.3.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1895.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0329.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/08/26/5

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/84827

Source: secalert@redhat.com

https://bugs.launchpad.net/swift/+bug/1449212

Source: secalert@redhat.com

https://bugs.launchpad.net/swift/+bug/1453948

Source: secalert@redhat.com

https://security.openstack.org/ossa/OSSA-2015-016.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html