—

PYSEC-2016-34

상세

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / tripleo-heat-templates

최초 영향 버전: 0 수정 버전: 0.8.7

수정 pip install --upgrade 'tripleo-heat-templates>=0.8.7'

참고

https://access.redhat.com/errata/RHSA-2015:1862 [ADVISORY]
https://bugs.launchpad.net/tripleo/+bug/1494896 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=1261697 [REPORT]
https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch [WEB]
https://github.com/advisories/GHSA-8936-44gw-7664 [ADVISORY]