CVE-2015-5271 – tripleo-heat-templates

Package

Manager: pip
Name: tripleo-heat-templates
Vulnerable Version: >=0 <0.8.7

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00342 pctl0.56174

Details

TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

Metadata

Created: 2022-05-17T03:56:29Z
Modified: 2024-11-18T21:49:28Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8936-44gw-7664/GHSA-8936-44gw-7664.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-8936-44gw-7664
Finding: F017
Auto approve: 1