CVE-2015-5271

{"id": "CVE-2015-5271", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2016-04-15T17:59:00.193", "references": [{"url": "https://access.redhat.com/errata/RHSA-2015:1862", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugs.launchpad.net/tripleo/+bug/1494896", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1261697", "source": "secalert@redhat.com"}, {"url": "https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors."}, {"lang": "es", "value": "Las plantillas TripleO Heat (tripleo-heat-templates) no ordena correctamente el Identity Service (keystone) en versiones anteriores al middleware de web est\u00e1tica OpenStack Object Storage (Swift) en el pipeline de swiftproxy cuando el middleware de web est\u00e1tica est\u00e1 habilitado, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible de contenedores privados a trav\u00e9s de vectores no especificados."}], "lastModified": "2023-02-13T00:52:37.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DAA72A4-AC7D-4544-89D4-5B07961D5A95"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openstack:tripleo_heat_templates:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFB6AF34-5670-47C2-85A4-1C3E0D6AE890"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}