Adds OSSA-2015-016

Change-Id: Iee2feed14c566ef69944bccc4a74935a72514216
This commit is contained in:
Tristan Cacqueray 2015-08-26 11:40:29 -04:00
parent 482576204d
commit 729ddb2578
1 changed files with 58 additions and 0 deletions

58
ossa/OSSA-2015-016.yaml Normal file
View File

@ -0,0 +1,58 @@
date: 2015-08-26
id: OSSA-2015-016
title: 'Information leak via Swift tempurls'
description: 'Richard Hawkins from Rackspace and Swift core reviewers reported a
vulnerability in Swift tempurls. When in possession of a tempurl key
authorized for PUT, a malicious actor may retrieve other objects in
the same Swift account (tenant). All Swift setups are affected.'
affected-products:
- product: swift
version: versions through 2.3.0
vulnerabilities:
- cve-id: CVE-2015-5223
reporters:
- name: 'Richard Hawkins'
affiliation: Rackspace
reported:
- CVE-2015-5223
- name: 'Swift core reviewers'
affiliation: OpenStack
reported:
- CVE-2015-5223
issues:
links:
- https://launchpad.net/bugs/1453948
- https://launchpad.net/bugs/1449212
type: launchpad
reviews:
liberty:
- https://review.openstack.org/217259
- https://review.openstack.org/217260
kilo:
- https://review.openstack.org/217254
- https://review.openstack.org/217255
juno:
- https://review.openstack.org/217253
type: gerrit
notes:
- 'This fix will be included in future 2014.2.4 (juno) and 2015.1.2 (kilo)
releases.'