Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04OTM2LTQ0Z3ctNzY2NM4AAdXr
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
Permalink: https://github.com/advisories/GHSA-8936-44gw-7664JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04OTM2LTQ0Z3ctNzY2NM4AAdXr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 7.5
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-8936-44gw-7664, CVE-2015-5271
References:
- https://nvd.nist.gov/vuln/detail/CVE-2015-5271
- https://access.redhat.com/errata/RHSA-2015:1862
- https://bugs.launchpad.net/tripleo/+bug/1494896
- https://bugzilla.redhat.com/show_bug.cgi?id=1261697
- https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
- https://access.redhat.com/security/cve/CVE-2015-5271
- https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476
- https://review.openstack.org/226541
- https://github.com/advisories/GHSA-8936-44gw-7664
Affected Packages
pypi:tripleo-heat-templates
Dependent packages: 0Dependent repositories: 2
Downloads: 863 last month
Affected Version Ranges: < 0.8.7
Fixed in: 0.8.7
All affected versions: 0.5.6, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.8.0, 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.8.5, 0.8.6
All unaffected versions: 0.8.7, 0.8.8, 0.8.9, 0.8.10, 0.8.11, 0.8.12, 0.8.13, 0.8.14, 2.0.0, 2.1.0, 2.2.0, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5, 5.3.6, 5.3.7, 5.3.8, 5.3.9, 5.3.10, 5.3.11, 5.3.12, 5.3.13, 6.0.0, 6.1.0, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.2.16, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.1.0, 8.2.0, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.4.1, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.6.2, 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.3.1, 11.4.0, 11.5.0, 11.6.0, 12.0.0, 12.1.0, 12.2.0, 12.3.0, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4, 12.4.5, 12.4.6, 12.5.0, 12.6.0, 12.7.0, 13.0.0, 13.1.0, 13.2.0, 13.3.0, 13.4.0, 13.5.0, 13.6.0, 14.0.0, 14.1.0, 14.1.1, 14.1.2, 14.2.0, 14.3.0, 15.0.0, 15.1.0, 16.0.0, 17.0.0, 18.0.0