GHSA-8936-44gw-7664

Source

https://github.com/advisories/GHSA-8936-44gw-7664

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8936-44gw-7664/GHSA-8936-44gw-7664.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-8936-44gw-7664

Aliases

CVE-2015-5271
PYSEC-2016-34

Published

2022-05-17T03:56:29Z

Modified

2024-11-18T22:07:57.154431Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers

Details

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

Database specific

{
    "nvd_published_at": "2016-04-15T17:59:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T17:58:53Z"
}

References

Affected packages

PyPI / tripleo-heat-templates

Package

Name: tripleo-heat-templates; View open source insights on deps.dev
Purl: pkg:pypi/tripleo-heat-templates

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.7

Affected versions

0.*

0.5.6

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.7.8

0.7.9

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6