PYSEC-2016-34

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2016-34

Aliases

CVE-2015-5271
GHSA-8936-44gw-7664

Published

2016-04-15T17:59:00Z

Modified

2023-11-08T03:57:57.312314Z

Summary

[none]

Details

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

References

Affected packages

PyPI / tripleo-heat-templates

Package

Name: tripleo-heat-templates; View open source insights on deps.dev
Purl: pkg:pypi/tripleo-heat-templates

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.8.7

Affected versions

0.*

0.5.6

0.6.0

0.6.1

0.6.2

0.6.3

0.6.4

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.7.5

0.7.6

0.7.7

0.7.8

0.7.9

0.8.0

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6