CVE-2014-0006 – swift

Package

Manager: pip
Name: swift
Vulnerable Version: >=1.4.6 <=1.8.0 || >=1.9.0 <=1.10.0 || =1.11.0 || >=1.11.0 <1.12.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00262 pctl0.49344

Details

OpenStack Swift Discloses Secret URLs to Timing Attack The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.

Metadata

Created: 2022-05-17T04:50:15Z
Modified: 2024-11-26T18:50:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cf9m-q836-vf26/GHSA-cf9m-q836-vf26.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-cf9m-q836-vf26
Finding: F038
Auto approve: 1