OpenStack Swift Discloses Secret URLs to Timing Attack
High severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Package
Affected versions
>= 1.4.6, <= 1.8.0
>= 1.9.0, <= 1.10.0
= 1.11.0
Patched versions
1.12.0
Description
Published by the National Vulnerability Database
Jan 23, 2014
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Aug 16, 2023
Last updated
Nov 26, 2024
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack.
References