Vulnerability Description
The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openstack | 7.0 |
| Openstack | Tripleo Heat Templates | - |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2015:1862Vendor Advisory
- https://bugs.launchpad.net/tripleo/+bug/1494896
- https://bugzilla.redhat.com/show_bug.cgi?id=1261697
- https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
- https://access.redhat.com/errata/RHSA-2015:1862Vendor Advisory
- https://bugs.launchpad.net/tripleo/+bug/1494896
- https://bugzilla.redhat.com/show_bug.cgi?id=1261697
- https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch
FAQ
What is CVE-2015-5271?
CVE-2015-5271 is a vulnerability with a CVSS score of 7.5 (HIGH). The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline wh...
How severe is CVE-2015-5271?
CVE-2015-5271 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-5271?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Openstack, Openstack Tripleo Heat Templates.