Vulnerability Description
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openstack | Swift | 1.4.6 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2014-0232.html
- http://www.openwall.com/lists/oss-security/2014/01/17/5Patch
- https://bugs.launchpad.net/swift/+bug/1265665Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0232.html
- http://www.openwall.com/lists/oss-security/2014/01/17/5Patch
- https://bugs.launchpad.net/swift/+bug/1265665Vendor Advisory
FAQ
What is CVE-2014-0006?
CVE-2014-0006 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing...
How severe is CVE-2014-0006?
CVE-2014-0006 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0006?
Check the references section above for vendor advisories and patch information. Affected products include: Openstack Swift.