Description
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0232.html
Vendor Advisory x_refsource_confirm
https://bugs.launchpad.net/swift/+bug/1265665
Patch mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/01/17/5
Scores
EPSS
0.0042
EPSS Percentile
62.2%
Details
CWE
CWE-200
Status
published
Products (17)
openstack/swift
1.4.6
openstack/swift
1.4.7
openstack/swift
1.4.8
openstack/swift
1.5.0
openstack/swift
1.6.0
openstack/swift
1.7.0
openstack/swift
1.7.2
openstack/swift
1.7.4
openstack/swift
1.7.5
openstack/swift
1.7.6
... and 7 more
Published
Jan 23, 2014
Tracked Since
Feb 18, 2026