UBUNTU-CVE-2015-5271

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2015-5271

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5271.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2015-5271

Upstream

CVE-2015-5271

Withdrawn

2025-07-18T16:43:15Z

Published

2016-04-15T17:59:00Z

Modified

2025-07-16T07:33:09.133259Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

References

Affected packages

Ubuntu:18.04:LTS / tripleo-heat-templates

Package

Name: tripleo-heat-templates
Purl: pkg:deb/ubuntu/tripleo-heat-templates@5.2.0-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.2.0-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "5.2.0-1",
            "binary_name": "python-tripleo-heat-templates"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-5271.json"