CVE-2015-5271

Published: Apr 15, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

Affected (2)

Products: Redhat: Openstack · Openstack: Tripleo Heat Templates

1 product

1 product

Tripleo Heat Templates

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Openstack	Version 7.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Openstack Tripleo Heat Templates	All versions

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

https://access.redhat.com/errata/RHSA-2015:1862

Source: secalert@redhat.com

Vendor Advisory

https://bugs.launchpad.net/tripleo/+bug/1494896

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1261697

Source: secalert@redhat.com

https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2015:1862

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugs.launchpad.net/tripleo/+bug/1494896

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1261697

Source: af854a3a-2127-422b-91ae-364da2661108

https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.