CVE-2015-5271

HIGH

TripleO Heat templates - Info Disclosure

Title source: llm

Description

The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

References (4)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2015:1862

[Issue Tracking] https://bugs.launchpad.net/tripleo/+bug/1494896

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1261697

[Various Sources] https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch

Scores

CVSS v3 7.5

EPSS 0.0034

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (3)

redhat/openstack

openstack/tripleo_heat_templates

pypi/tripleo-heat-templates < 0.8.7PyPI

Timeline

Published Apr 15, 2016

Tracked Since Feb 18, 2026